Microsoft urges users to apply latest security patch

Update addresses flaws in Remote Desktop Protocol

Microsoft is urging people to waste no time in applying its latest security patch, warning that it expects to see exploits of patched vulnerabilities within 30 days.

According to Microsoft, update MS12-020 addresses two vulnerabilities in Microsoft's implementation of the Remote Desktop Protocol (RDP), and one of the flaws is a remote code execution vulnerability affecting all versions of Windows.

Attackers could use the vulnerability to remotely access computers without authorisation.

Microsoft said it "strongly encouraged" users to make "a special priority of applying this particular update" because the potential rewards for attackers would make the vulnerability too tempting to ignore.

"We are not aware of any attacks in the wild and the remote desktop protocol is disabled by default," the company said in its security blog outlining the problem and how system administrators should deal with it.

"However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

Microsoft said attackers could exploit the vulnerability over networks before authentication was required because "RDP is commonly allowed through firewalls due to its utility".

The service runs in kernel-mode as SYSTEM by default on almost all platforms, the company said.

"We determined that this vulnerability is directly exploitable for code execution," Microsoft said.

"Developing a working exploit will not be trivial; we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days."
