On Patch Tuesday last week, Microsoft released 14 security bulletins (MS15-058, and MS15-065 through MS15-077) to address vulnerabilities in Microsoft products. Four of these are rated critical.
Systems affected include Microsoft Windows, Office, Internet Explorer and SQL Server. Read the story in the news (This article also includes more on the Adobe Flash issues mentioned above).
One of the critical bulletins, MS15-067 included a patch to address a remote code execution vulnerability in Remote Desktop (RDP).
To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
RDP is heavily used throughout MIT and therefore IS&T recommends that patches are applied as soon as possible. If you have questions or need assistance, send email to the IS&T Help Desk or call 617.253.1101. You can also submit a request online.
Microsoft also released an out-of-band patch (MS15-078) this past Monday for all supported versions of Windows. It fixes a security bug in the way Windows handles custom fonts. The updates is rated as critical.
Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.