3 million Let’s Encrypt certificates to be cancelled

Let's Encrypt CAA flaw

Let’s Encrypt revoked certificates

Let’s Encrypt has announced that it is to revoke aroound 3 million TLS/SSL certificates because of a serious flaw found in the CAA (Certificate Authority Authorization). The certificates will be revokend on the 4th March 2020 from 00:00 UTC. Read More

Remote Desktop Protocol (RDP) Flaw

Just a quick note to all, although I only know of a couple of folks that do this and they will be contacted urgently.

If you use Microsoft Remote Desktop Protocol (RDP) over the Internet then there is a serious bug that has just been discovered that allows an attacker to gain entry even with out a username and password.

The good news is that if you use a VPN connection first, then you are completely safe from this. Likewise if you use Network Layer Authentication only then you are not at risk either.

As always we recommend that you use RDP over a VPN tunnel, this way you are not vulnerable to any problems found in the protocol.

If you are concerned then please contact us and we will assess your situation with you.

If you want to deal with this yourself then you need to run updates on your servers as well as your desktops. The problem has now been fixed in the latest updates.

Keep Safe.

CritchCorp Support Team!