The NCSC weekly threat report has covered the following:
Microsoft Remote Desktop Services vulnerabilities.
This week the NCSC weekly Threat Report warned of two new vulnerabilities affecting Microsoft Remote Desktop Services (RDS). They are described as ‘wormable’, meaning that malware could spread between vulnerable computers without any user interaction. Affected systems include Windows 7, 8, 10 and Windows Server 2008 and 2012. Microsoft has released patches and OxCERT has issued an advisory notice via ITSS.
A number of important vulnerabilities in Adobe Acrobat and Reader for Windows and macOS were also reported which, if exploited, could be used for unauthorised information disclosure and arbitrary code execution attacks. Adobe has released security updates to address these vulnerabilities, and the more general advice from NCSC is to enable automatic updates for all software where possible, to ensure systems are protected.
Social Media platforms available on more devices than ever before.
The NCSC also highlighted the interesting story of how a tech-savvy teenager, whose phone had been confiscated by her parents, had still managed to send tweets via a Nintendo device, a Wii U gaming console and eventually via the family’s ‘smart’ refrigerator. The story was highlighted to warn about the need to secure smart devices as the internet of things (IoT) continues to grow. One of the most exploited device weaknesses is manufacturers’ default passwords, and these should always be changed, as per the University’s baseline information security standards.