
Microsoft urges users to apply latest security patch

Update addresses flaws in Remote Desktop Protocol


Microsoft is urging people to waste no time in applying its latest security patch, warning that it expects to see exploits of patched vulnerabilities within 30 days.

According to Microsoft, update MS12-020 addresses two vulnerabilities in Microsoft's implementation of the Remote Desktop Protocol (RDP), and one of the flaws is a remote code execution vulnerability affecting all versions of Windows.


Attackers could use the vulnerability to remotely access computers without authorisation.

Microsoft said it "strongly encouraged" users to make "a special priority of applying this particular update" because the potential rewards for attackers would make the vulnerability too tempting to ignore.

"We are not aware of any attacks in the wild and the remote desktop protocol is disabled by default," the company said in its security blog outlining the problem and how system administrators should deal with it.

"However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

Microsoft said attackers could exploit the vulnerability over networks before authentication was required because "RDP is commonly allowed through firewalls due to its utility".

The service runs in kernel-mode as SYSTEM by default on almost all platforms, the company said.

"We determined that this vulnerability is directly exploitable for code execution," Microsoft said.

"Developing a working exploit will not be trivial; we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days."
