Microsoft's February security update fixes the vulnerability that can result in reverse RDP attacks in the built-in Windows RDP client, but third-party RDP clients are still vulnerable, Check Point said.
Vulnerabilities need to be patched, but security doesn’t stop with updates, since attackers may already be inside the network. Additional steps may be necessary, such as resetting passwords and looking for evidence of other types of infection or compromise.
Thousands of software vulnerabilities are made public each year, leaving IT and security teams to sift out irrelevant issues from the bugs that need to be fixed. Rapid7's Attacker Knowledge Base brings crowd-sourced feedback to enterprise defenders to help them figure out which flaws to pay attention to.
Google and Mozilla have released multiple versions of their web browsers over the past few days to roll back certain features and to fix high-severity vulnerabilities.
A security vulnerability in Microsoft Exchange that was fixed in February is still unpatched on hundreds of thousands of Exchange servers.