3 replies to this topic

[Burned Phoenix]

Microsoft has released March 2012 Security Update for patching 7 vulnerabilities in Windows and other Microsoft products, out of which one is critical. It's a remote desktop flaw that Microsoft promised would result in attacks within the month.

"Note that CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild. Additionally, the remote desktop protocol is disabled by default. However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

According to Microsoft, the remote desktop flaw could lead to remote code execution. And though this service, called Remote Desktop Protocol (RDP), is disabled by default in Windows, it's used by many businesses and thus is expected to be attacked quickly.

As a result, Microsoft has provided workarounds that will mitigate the issues ahead of patch deployment. The workarounds are available as Microsoft Fix It solutions, which essentially enable a feature called Network Level Authentication (NLA) for RDP.

Sources: Security Research & Defense, WinSupersite

[SurB86]

Here is the bulletin deployment priority chart for March 2012:

[USG Ishimura]

sounds scary

[SurB86]

It's an exploit targets a vulnerability in Windows' remote desktop protocol, giving an attacker full control over a system and the ability to easily spread to other machines with remote desktop enabled.

This code was submitted to Microsoft last year to demonstrate a serious exploit in Windows has somehow made it into the wild, either through Microsoft itself or one of its security partners according to The Verge