News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – forget that crypto one, worry about this one

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – forget that crypto one, worry about this one

    This topic contains 7 replies, has 6 voices, and was last updated by  WildBill 1 week, 2 days ago.

    • Author
      Posts
    • #2085040 Reply

      Susan Bradley
      AskWoody MVP

      If you are a IT consultant or admin with an Essentials 2012 (or later) server, or use the RDgateway role and expose it over port 443 to allow users to
      [See the full post at: Patch Lady – forget that crypto one, worry about this one]

      Susan Bradley Patch Lady

      2 users thanked author for this post.
    • #2085069 Reply

      abbodi86
      AskWoody_MVP

      Maybe the vulnerable RD technology don’t exit in Server 2008/R2
      specially the Web Application Proxy

      this one has the exact same description and affected Servers, i suppose each one cover specific RD components
      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

      • This reply was modified 1 week, 5 days ago by  abbodi86.
      1 user thanked author for this post.
    • #2085149 Reply

      willem_nl
      AskWoody Lounger

      I have a question: should we drop everything and rollout the patch and reboot immediatly, or can we patch it over the weekend?

      • #2085155 Reply

        Paul T
        AskWoody MVP

        Do nothing, we are at Defcon 2.
        Wait for more details here.

        cheers, Paul

        • #2085408 Reply

          Susan Bradley
          AskWoody MVP

          If you are a server admin and you let users use RDP/RDgateway or use Remote web access, I patched last night on the server that handles RDgateway.    This is a specific issue with servers, not workstations.

          Susan Bradley Patch Lady

        • #2085411 Reply

          Susan Bradley
          AskWoody MVP

          Actually the answer is “it depends”.  Home users that don’t RDP into work access should follow the guidance of their IT admins.  Home users that only RDP into local machines can wait.  Small businesses that use RDgateway to access desktops should be patching that server that handles the RDgateway role asap.

          Susan Bradley Patch Lady

          1 user thanked author for this post.
    • #2085189 Reply

      doriel
      AskWoody Lounger

      Once again I feel (although its not true), that newer systems has more vulnerabilities than the old one. When will poeple learn, that hackers are always going to be one step ahead.

      Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

    • #2086428 Reply

      WildBill
      AskWoody Plus

      Here’s a new problem… which shouldn’t be 1 unless people are still using IE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001. There’s a workaround that applies to Jscript.dll. As the guidance says, IE9, IE10 & IE11 .use Jscript9.dll & aren’t affected.

      Update: Ignore this; Woody just put a post about it on the Home Page. Saw it when I refreshed… as Emily Latella would say, “Never mind/”

      Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V1909. As long as it's a Lot Less Buggy!
      Wild Bill Rides Again...

      • This reply was modified 1 week, 2 days ago by  WildBill.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – forget that crypto one, worry about this one

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.