securitylogo

As we mentioned last week Microsoft announced plans to address six different security bulletins during today’s patch Tuesday security update cycle.  In the March 2012 Advance Notice and other monthly advance notifications Microsoft does not provide any specifics on the vulnerabilities that will be patched to prevent any opportunity for people to try and exploit them before the patch is live.

In this case MS12-020 for Windows is the critical bulletin and patch and needs to be applied as quickly as possible. According to the Microsoft Security Response Center (MSRC) this patch needs everyone’s attention.

MS12-020 (Windows): This bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP). Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled. That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible. The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.

Understanding that some business do not like to just deploy a fix without checking it out for compatibility Microsoft has posted an interim Fix it that will mitigate the issue while that testing occurs.  You can read about the issue and the Fix it solution at CVE-2012-0002- A closer look at MS12-020’s critical issue.