ID: IRCNE2012031434
Date: 2012-03-14
According to “ZDNet”, Microsoft has warned to Windows administrators to stop what they’re doing and apply the new and very critical MS12-020 update.
Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.
From the bulletin:
A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run abitrary code on the target system. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.
The vulnerability, which affects all versions of Windows, was privately reported to Microsoft’s via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild.
Although RDP is disabled by default, Microsoft is urging all Window users to treat this issue with the utmost priority.
“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Microsoft said.
It’s important to note that the vulnerable code is reachable only if RDP is enabled and a mitigation feature in RDP called NLA (network level authentication) moves it to post-authentication which makes this vulnerability less likely to be wormed. There are instructions here to enable NLA on Windows to reduce the severity of a potential attack.
In all, Microsoft shipped six security bulletins as part of this month’s Patch Tuesday batch. The updates address seven documented vulnerabilities in Microsoft Windows, Visual Studio and Expression Design.
Related Links:
MS Patch Tuesday heads-up: 6 bulletins, 1 critical
- 3