Stratodesk has made an update available to NoTouch Desktop customers using FreeRDP and combats the recently exposed vulnerabilities in Microsoft Credential Security Support Provider protocol –the protocol used in its Remote Desktop Provider environment.
This new update is available in NoTouch OS 2.40.2976. In order to ensure their security, customers using NoTouch OS with FreeRDP have the option to either uninstall Microsoft hotfixes KB408876 and KB408879 or update to the latest version of NoTouch OS.
This update was made by the Stratodesk team in order to combat recent vulnerabilities found in Microsoft RDP, not in NoTouch OS. The update was made to be current with Microsoft’s patch that contained fixes for 75 security bugs along with patches for 15 exposed flaws. In addition to these bugs and flaws, there was one exploit in particular that exposed system admins to possible credential theft.
CredSSP is used in Microsoft’s Remote Desktop Protocol (RDP) to transfer user credentials from the client to the server. Although the vulnerability is only possible to exploit in situations known as “man-in-the-middle attacks,” it is recommended that Stratodesk customers make the necessary updates or uninstallation to protect against potential vulnerabilities.
NoTouch OS 2.40.2976 was initially intended to be released at a later date –however the release has been pushed forward in order to accommodate customers using FreeRDP. NoTouch OS is now current with the patches necessary to protect against exploits in the CSSP as well as those from the notorious Meltdown and Spectre exploits.
It’s important to remember, however, that these exploits and vulnerabilities exist in protocols and hardware external to NoTouch OS, and that NoTouch OS remains as safe as ever. Given it is Linux based, NoTouch OS protects against third party applications and any other common security threats facing x86 and Raspberry Pi devices.