Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



MSFT security researcher’s insights on July Patch Tuesday

July 2023 by MSFT security

Today, Microsoft released software updates to fix a significant vulnerability in the Remote Desktop Gateway (RDP Gateway), tagged as CVE-2023-35332. This vulnerability is centered around the usage of outdated and deprecated protocols, including Datagram Transport Layer Security (DTLS) version 1.0, which presents substantial security and compliance risk to organizations.

Cyolo’s security team identified and disclosed this vulnerability to Microsoft, and I wanted to provide additional insight from Dor Dali, Head of Research at Cyolo:

• This vulnerability not only presents a substantial security risk but also a significant compliance issue. The use of deprecated and outdated security protocols, such as DTLS 1.0, may lead to non-compliance with industry standards and regulations - like SOC2, FEDRAMP, PCI, HIPAA, and others – incurring on potential legal disputes and hefty fines.
• In cases where an immediate update isn’t possible, an effective workaround is to disable UDP support in the RDP Gateway. This prevents the establishment of the secondary channel over UDP, eliminating the use of the deprecated DTLS 1.0 and thereby mitigating the vulnerability. A necessary step that could potentially impact performance, but that will ensure security and compliance until the server can be updated.

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts