Microsoft's Patch Tuesday exposed critical vulnerabilities affecting XAML Browser Applications (XBAPs). XBAP is a new Windows technology used to create Rich Interactive Applications for the web. It combines the features of a web application and a rich-client application. XBAPs are run in a sandbox specifically to prevent unauthorized applications from controlling local system resources.

Security vulnerabilities in Microsoft .NET Framework and Silverlight could allow remote code execution on a client system when a user views a specially crafted web page in a browser that runs XAML Browser Applications or Silverlight applications.

The vulnerability could also allow remote code execution on a server system running IIS (Internet Information Server) if the server allows processing of ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to the server and then executing it, as could be the case in a web hosting scenario.

This security vulnerability, although labelled private, has now been resolved in the latest Microsoft security update, MS11-078. The update resolves it by correcting the manner in which .NET restricts inheritance within classes.

Microsoft said that because the majority of its customers have automatic updating enabled, they will not need to take any action: the security update will be downloaded and installed automatically. However, customers who have not enabled automatic updating will still need to download and install the latest security fixes manually.

The configuration information for automatic updating has been made available. Microsoft advised customers to apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

XBAPs Security Considerations

Over the weekend, Google unveiled the beta version of Chrome Remote Desktop, a Chrome extension that lets users remotely access another computer across a network through the Chrome browser. It is a web- and browser-based equivalent of conventional remote desktop software.

According to the release note, the Chrome Remote Desktop beta is fully cross-platform and can connect any two computers running the Chrome browser on any of these operating systems: Windows, Mac, Linux and Chromebook.

The beta release allows access to another machine by providing a one-time authentication code. Access is given only to the specific person the user identifies, and only for that one time. The sharing session is fully secured through an SSL connection.

One use case given is the IT helpdesk, where the helpdesk can use Chrome Remote Desktop to help another user. Conversely, a user can receive help by setting up a sharing session without leaving the desk.

According to Google, the goal of this beta release is to demonstrate the core Chrome Remote Technology. User feedback is therefore requested, as future updates are expected.

Review: Chrome Remote Desktop