News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – forget that crypto one, worry about this one

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – forget that crypto one, worry about this one

    Viewing 4 reply threads
    • Author
      Posts
      • #2085040 Reply
        Susan Bradley
        AskWoody MVP

        If you are a IT consultant or admin with an Essentials 2012 (or later) server, or use the RDgateway role and expose it over port 443 to allow users to
        [See the full post at: Patch Lady – forget that crypto one, worry about this one]

        Susan Bradley Patch Lady

        2 users thanked author for this post.
      • #2085069 Reply
        abbodi86
        AskWoody_MVP

        Maybe the vulnerable RD technology don’t exit in Server 2008/R2
        specially the Web Application Proxy

        this one has the exact same description and affected Servers, i suppose each one cover specific RD components
        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

        • This reply was modified 4 months, 1 week ago by abbodi86.
        1 user thanked author for this post.
      • #2085149 Reply
        willem_nl
        AskWoody Lounger

        I have a question: should we drop everything and rollout the patch and reboot immediatly, or can we patch it over the weekend?

        • #2085155 Reply
          Paul T
          AskWoody MVP

          Do nothing, we are at Defcon 2.
          Wait for more details here.

          cheers, Paul

          • #2085408 Reply
            Susan Bradley
            AskWoody MVP

            If you are a server admin and you let users use RDP/RDgateway or use Remote web access, I patched last night on the server that handles RDgateway.    This is a specific issue with servers, not workstations.

            Susan Bradley Patch Lady

          • #2085411 Reply
            Susan Bradley
            AskWoody MVP

            Actually the answer is “it depends”.  Home users that don’t RDP into work access should follow the guidance of their IT admins.  Home users that only RDP into local machines can wait.  Small businesses that use RDgateway to access desktops should be patching that server that handles the RDgateway role asap.

            Susan Bradley Patch Lady

            1 user thanked author for this post.
      • #2085189 Reply
        doriel
        AskWoody Lounger

        Once again I feel (although its not true), that newer systems has more vulnerabilities than the old one. When will poeple learn, that hackers are always going to be one step ahead.

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2086428 Reply
        WildBill
        AskWoody Plus

        Here’s a new problem… which shouldn’t be 1 unless people are still using IE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001. There’s a workaround that applies to Jscript.dll. As the guidance says, IE9, IE10 & IE11 .use Jscript9.dll & aren’t affected.

        Update: Ignore this; Woody just put a post about it on the Home Page. Saw it when I refreshed… as Emily Latella would say, “Never mind/”

        Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V2004. As long as it's a Lot Less Buggy!
        Wild Bill Rides Again...

        • This reply was modified 4 months, 1 week ago by WildBill.
    Viewing 4 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – forget that crypto one, worry about this one

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.