Microsoft issued a security bulletin yesterday, in conjunction with one of a series of security patches released that same day, acknowledging what it deemed a “Moderate” security risk. A flaw in Windows’ Remote Desktop Services (RDS) had been discovered last May by a contributor to Security-Protocols.com, claiming a remote attacker could craft a packet which crashes RDS, and thus the system running it, by virtue of RDS not properly releasing unused memory. The patch for this risk is available now from Microsoft Windows Update.
Read the Microsoft Security Bulletin… (Microsoft TechNet)
Read the details of the reported flaw… (Security-Protocols.com)