Overview of the January 2013 Microsoft Out of Cycle patches and their status.
We will update issues on this page for about a week or so as they evolve.
We appreciate updates US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.
------
-- |
Richard 173 Posts ISC Handler Jan 14th 2013 |
||||||||||||||||||||||
Thread locked Subscribe |
Jan 14th 2013 9 years ago |
||||||||||||||||||||||
Don't forget: Remote Desktop Servers and Citrix XenApp servers should be treated as clients too if you allow your users to browse the web from them!
|
Anonymous |
||||||||||||||||||||||
Quote |
Jan 15th 2013 9 years ago |
||||||||||||||||||||||
I have to agree with Tonjes, a user on a terminal server can do a lot of damage once "possessed" - admin rights are not needed to delete files or overwrite them with junk.. :(
And if malware is dropped around the file system it may eventually be launched by an admin. (My Documents could also be available locally on the PC - and the user might be admin there?) Or - the bad guys might combine one exploit with another to get their privilege escalation fix. This has been done before!? Or .. Well, to be honest I just don't like giving them a starting point at all! ;) |
dotBATman 70 Posts |
||||||||||||||||||||||
Quote |
Jan 16th 2013 9 years ago |
||||||||||||||||||||||
TS and Citrix boxes are client machines, not servers, plain and simple. It's amazing to me how many admins and security goons fail to see this simple fact.
"Why would you want to put an office update on a server?" If I only had a dollar for each time I heard this I could buy a round... The communal "jump box" is a candidate as well. |
dotBATman 1 Posts |
||||||||||||||||||||||
Quote |
Jan 16th 2013 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!