Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.

The critical bulletin – one of six security bulletins issued as part of today’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP).

[Image: Microsoft Patch Tuesday March 2012]

“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”

“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”

Ben Greenbaum, senior principal software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.

“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”

Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon’s AWS, need to patch as quickly as possible, Qualys CTO Wolfgang Kandek opined.

“If the patch cannot be applied that quickly or the necessary reboot cannot be scheduled, IT Admins should look into the available work-arounds that function immediately: protect the machine with restrictive firewalling, access RDP through a VPN service or switch to Microsoft’s NLA protocol that is supported in newer versions of Windows (Vista+) and is not vulnerable to the attack,” he said.

“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Microsoft noted in a blog post.

Besides the RDP bugs, this month’s Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation-of-privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation-of-privileges issue in Microsoft Visual Studio. All of those issues are rated ‘important’ with the exception of one of the Windows denial-of-service bugs, which is rated ‘moderate.’

Also today, Adobe updated its ColdFusion software to address a vulnerability in versions 9.0.1 and earlier for Windows, Macintosh and UNIX systems that could lead to a denial-of-service attack using a hash algorithm collision. The company said it was unaware of any attempts to exploit the vulnerability in the wild.
