CU*Answers Network Services has been tracking two significant Microsoft vulnerabilities published yesterday and how to remediate them. Due to the scope and severity of the issues, the US government has taken the rare step of also publishing alerts for these vulnerabilities through US-CERT and the Department of Homeland Security.
About the Vulnerabilities:
- The first vulnerability is related to how Microsoft Windows operating systems validate trust for certain operations related to encrypted connections or software installation. The vulnerability could allow built-in security protections to be bypassed or tricked by malicious actors. Microsoft has released updates to address this vulnerability.
- The second affects Microsoft’s Remote Desktop software on Windows PCs as well as their Remote Desktop Gateway Server for Windows servers. Successful attacks against this Microsoft software could allow for arbitrary code execution. Microsoft has also released updates to address this vulnerability.
What is CU*Answers Network Services Doing?
Complete Care clients managed by CU*Answers Network Services should have already received our monthly patching notification that we will be applying updates to your network this week. These updates include fixes for these two vulnerabilities. Complete Care clients need to take no additional steps as they will get the updates automatically. As always, please continue to monitor your Monthly Patching Reports to ensure your network is fully up to date.
Non Complete Care clients should contact their network administrator or contact Network Services for a Complete Care proposal.
If you have questions, please contact the Network Services Help Desk at extension 266.