Microsoft Dishes Final Windows Server 2003 Updates On Patch Tuesday

Final Windows Server 2003 updates are released as Micrososft patches its own Hacking Team vulnerability

Microsoft has released its final set of updates for Windows Server 2003 (WS2003) in the July edition of Patch Tuesday, which also fixes a vulnerability within Internet Explorer discovered in the documents unearthed in the attack on controversial surveillance tools developer Hacking Team.

Ten of the 14 updates affect WS2003, while four are deemed critical. The Internet Explorer bulletin (MS15-065) fixes 29 vulnerabilities in the browser, including a critical memory corruption bug (CVE-2015-2425) revealed in the 400GB worth of files stolen in the Hacking Team breach.

So far, three new Flash zero-day vulnerabilities have been found in the Hacking Team file dump so it may come as a relief to Adobe that the latest bug doesn’t affect its products.

It’s not you Adobe

Windows 7Another critical vulnerability affecting the Windows Remote Desktop Protocol (RDP) is also repaired as it could allow a remote code execution (RCE).

“The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled,” said Microsoft. “By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

Further critical RCE vulnerabilities affecting the VBscript Scripting engine and Hyper-V have also been patched, although Microsoft says the latter is only exploitable if a user had login credentials. Ten other ‘important’ updates also comprise this month’s Patch Tuesday.

From next month, Microsoft will no longer offer updates for WS2003 unless customers have arranged a custom service agreement. However it is estimated there are between 8 and 11 million active WS2003 licences, with many businesses not migrating to a newer version of the operating system or a cloud alternative.

Microsoft has also killed off security updates delivered through Microsoft Security Essentials for Windows XP, potentially exposing those who haven’t yet upgraded to a modern operating system following the official retirement last year.

Are you a security pro? Try our quiz!