Microsoft urges users to apply latest security patch

Update address flaws in Remote Desktop Protocol

Security

Microsoft is urging people to waste no time in applying its latest security patch, warning that it expects to see exploits of patched vulnerabilities within 30 days.

According to Microsoft, update MS12-020 addresses two vulnerabilities in Microsoft's implementation of the Remote Desktop Protocol (RDP), and one of the flaws is a remote code execution vulnerability affecting all versions of Windows.

Advertisement - Article continues below

We expect to see working exploit code developed within the next 30 days.

Attackers could use the vulnerability to remotely access computers without authorisation.

Microsoft said it "strongly encouraged" users to make "a special priority of applying this particular update" because the potential rewards for attackers would make the vulnerability too tempting to ignore.

"We are not aware of any attacks in the wild and the remote desktop protocol is disabled by default," the company said in its security blog outlining the problem and how system administrators should deal with it.

"However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

Microsoft said attackers could exploit the vulnerability over networks before authentication was required because "RDP is commonly allowed through firewalls due to its utility".

Advertisement
Advertisement - Article continues below

The service runs in kernel-mode as SYSTEM by default on almost all platforms, the company said.

"We determined that this vulnerability is directly exploitable for code execution," Microsoft said.

"Developing a working exploit will not be trivial we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020