Microsoft Dishes Final Windows Server 2003 Updates On Patch Tuesday

Microsoft has released its final set of updates for Windows Server 2003 (WS2003) in the July edition of Patch Tuesday, which also fixes a vulnerability within Internet Explorer discovered in the documents unearthed in the attack on controversial surveillance tools developer Hacking Team.

Ten of the 14 updates affect WS2003, while four are deemed critical. The Internet Explorer bulletin (MS15-065) fixes 29 vulnerabilities in the browser, including a critical memory corruption bug (CVE-2015-2425) revealed in the 400GB worth of files stolen in the Hacking Team breach.

So far, three new Flash zero-day vulnerabilities have been found in the Hacking Team file dump so it may come as a relief to Adobe that the latest bug doesn’t affect its products.

It’s not you Adobe

Another critical vulnerability affecting the Windows Remote Desktop Protocol (RDP) is also repaired as it could allow a remote code execution (RCE).

“The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with Remote Desktop Protocol (RDP) enabled,” said Microsoft. “By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

Further critical RCE vulnerabilities affecting the VBscript Scripting engine and Hyper-V have also been patched, although Microsoft says the latter is only exploitable if a user had login credentials. Ten other ‘important’ updates also comprise this month’s Patch Tuesday.

From next month, Microsoft will no longer offer updates for WS2003 unless customers have arranged a custom service agreement. However it is estimated there are between 8 and 11 million active WS2003 licences, with many businesses not migrating to a newer version of the operating system or a cloud alternative.

Microsoft has also killed off security updates delivered through Microsoft Security Essentials for Windows XP, potentially exposing those who haven’t yet upgraded to a modern operating system following the official retirement last year.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago