On Black Tuesday, RDP Shines

Microsoft patched two privately reported vulnerabilities for RDP today. Yes, RDP. No, not the server, the client. One of the most widely used tools by Windows system administrators is vulnerable to remote code execution. Not good. There is good here though, in order to exploit this vulnerability the user of an RDP client must be tricked or social engineered to connect to a malicious RDP server or a specially crafted website. Also, Microsoft is not aware of an exploit for this vulnerability at the time of this writing. It shouldn’t be long though, as we all know the more popular the software, the more likely there will be an exploit for an existing vulnerability.

Users currently employing automatic updates should see this issue resolved during their next update. For those of us who cannot have automatic updates enabled, we’d recommend getting this patch in during the next maintenance window.

Sun Java System Access Manager XSLT/XML Vulnerabilities

A remote user may be able to execute arbitrary code in the context of the Access Manager application. The use would need to create an XML signature that would be viewed locally with the Access Manager. The privileges of the Access manager would be the same as web container application that it is run from. This could result in access to the hosting system.

The original advisory is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201538-1

Symantec Backup Exec Vulnerability

Backup Exec System Recovery Manager version 7.0 and 7.0.1 have been found to be vulnerable to a flaw that allows attackers to upload files without authentication. This can lead to the execution of arbitrary code. The attack vector is a specially crafted HTTP post. Symantec has released an advisory and update at: http://www.symantec.com/avcenter/security/Content/2008.02.04.html