The Latest Microsoft Desktop Connection Problems

Nothing is ever perfect; it seems that everything in life comes with a set of problems. This concept may be applied to the world of computer security. No matter how many fixes and releases are made available, sooner or later we are hot with new vulnerabilities. The world of computer security and vulnerabilities is far from perfect, but having a decent understanding of the new vulnerabilities and applying the relevant updates is usually the best method to ensure you stay safe. I am here to share some information about two new vulnerabilities that have recently been confirmed in the Microsoft Remote Desktop Connection Client.

These vulnerabilities run the risk of being exploited in order for attackers to compromise the systems of chosen users. They also allow for the execution of arbitrary code to take place on installations which have proven vulnerable, with regard to Microsoft's Remote Desktop Client. You may be surprised to know that authentication is not a prerequisite in order for this vulnerability to be actively exploited. We all know that if malicious online attackers are able to gain system access, they will also more than likely be able to gain access to the majority of your confidential information, which poses very high risks for all victims of this vulnerability.

Let me inform you about one vulnerability at a time. There is a flaw that exists within the "mstscax.dll Remote Desktop Connection (RDP) library". This error is activated when the processing of server responses takes place. At the end of the day this vulnerability has a very high risk of being exploited by malicious online attackers in order corrupt arbitrary memory. The malicious online attackers may achieve this goal by persuading and manipulating victims into connecting to a tampered with Remote Desktop Connection server.

The next vulnerability pertains to a flaw that exists within the Remote Desktop Web Connection, specifically the ActiveX control. This runs the risk of being exploited by malicious online characters in order to cause a heap based overflow attack. This may be successfully achieved by malicious online attackers manipulating victims into visiting dangerous, tampered with web sites. Both of these vulnerabilities may allow for the execution of arbitrary code.

The great news that I have for you is that a security update has been released that attempts to solve the problem of both vulnerabilities. The security update has been made available for the majority of the default versions that relate to the Remote Desktop connection. This includes: Remote Desktop Connection Client for Mac 2.0, Windows Vista for x64-based Systems as well Windows XP Service packs. Some of the files of Microsoft Windows XP include: acspecfc.dll, ACBROWSER.EXE, compact.exe as well as counters.dll. 

The update alters the manner in which the Remote Desktop Connection deals with parameters which are unexpected and sent to the Remote Desktop Server. It attempts to correctly authenticate parameters that are passed to the Remote Desktop Connection Active X controls. It has been suggested that if you do not have automatic updates enabled, then it may be in your best interest to do so. Alternatively the option remains to find this new update and apply it manually. No matter what method is used to apply the update, the important part is that the update is applied.