
Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

posted Mar 14, 2012, 7:14 AM by Andrew Chadick   [ updated Mar 14, 2012, 7:17 AM ]

Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.

The critical bulletin – one of six security bulletins issued as part of today’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP).

“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”

“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”

Ben Greenbaum, senior principal software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.

“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”

Microsoft Security Bulletin Summary for March 2012

Published: Tuesday, March 13, 2012

Version: 1.0

This bulletin summary lists security bulletins released for March 2012.

With the release of the security bulletins for March 2012, this bulletin summary replaces the bulletin advance notification originally issued March 8, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on March 14, 2012, at 11:00 AM Pacific Time (US & Canada). Register now for the March Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.