Patch Tuesday: Yet another Microsoft RCE bug under active exploit August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. Let's start off with Microsoft's 121 security holes, which are the most interesting of the ever-growing, second-Tuesday patch party. Plus, they include one that Redmond lists as under active …
So I diligently follow the link - find my processor and then check the link for CVE-2022-21233 only to be sent to the details for CVE-2022-28693 (ok I can find the details if I type intel-sa-00657.html at the end of the link). Does anyone at intel check these things?
I had to check the CVEs to confirm that Point to Point is actually PPP, and the CVEs state that Windows RAS is vulnerable. I personally haven't seen a Windows RAS in probably 20 years now. I know some folks use Windows server to terminate VPN connections on, am unsure what protocols those use. I'm guessing 99.9% of windows installs out there aren't running the RAS service.
But even back in early 2002 the small company I was at was using Cisco 3000 VPN Concentrator appliances for Windows users(had no mac users), and probably a poor security solution but a open source product called vpnd I think at the time for the limited Linux users who wanted remote access(maybe half dozen including me).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
