August Patch Tuesday delivers a smorgasbord of fixes

Stephen Withers
Wednesday, 12 August 2009 05:59

Business IT - Security

The RDC issue is regarded as critical on all version of Windows except Server 2008 Server Core, and as important for Remote Desktop Connection Client for Mac 2.0.

The remaining issues are all rated important. They concern the Workstation Service, Message Queuing Service, Telnet, and ASP.NET. One or more of these apply to all currently supported versions of Windows.

"It's very interesting to see the number of clients that are affected when connecting to a malicious server. It seems to me that we're seeing a rise in this," said Reguly.

"User interaction vulnerabilities are very common in this space, especially with IE. We've even seen a few affect SMB in the recent past, and now, today, we're seeing both RDP and Telnet. It looks like security researchers are branching out from IE and looking at other services to find places where they can manipulate end users into connecting to malicious servers to own their system," he added.

Software other than Windows itself affected by this month's updates includes Office (XP, 2003; the Web components for 2000, XP, and 2003; and Office Small Business Accounting 2006), Visual Studio .NET 2003, ISA 2004 and 2006, and BizTalk Server 2002.

As usual Microsoft has also released an update to the Windows Malicious Software Removal Tool, the Windows Mail Junk E-mail Filter and the Outlook Junk E-Mail Filter.

And - curiously described as non-security content - an update for XP, Vista, and Server 2003 and 2008 will "help strengthen authentication credentials in specific scenarios", according to Microsoft officials.