bit-tech.net

Microsoft urges patching for RDP vulnerability

Windows users are being urged to install a patch for a critical flaw in Windows' Remote Desktop Protocol which can lead to remote code execution.

Microsoft is warning Windows users the world over to apply the security patch released yesterday as soon as possible, following the discovery of a flaw in the Remote Desktop Protocol (RDP) server.

Security Update MS12-020, released as part of the monthly Patch Tuesday update cycle yesterday, is rated 'critical' by the company and addresses a serious flaw in the service used to provide remote access to Windows-based systems.

The company has warned that the flaw allows an attacker to exploit any Windows system running the RDP service over the network, and potentially over the internet where RDP access is permitted through the firewall, as is common for remote access. Worse still, the flaw can be triggered before authentication is requested, and successful exploitation gives remote code execution as SYSTEM, leaving the attacker with full and unrestricted control of the underlying operating system.

According to Microsoft, the flaw was privately reported by researcher Luigi Auriemma via TippingPoint's Zero Day Initiative and is not known to be under active exploitation in the wild. However, the company warns that this is likely to change in the none-too-distant future. 'Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days,' the company states in a threat analysis. 'However, we expect to see working exploit code developed within the next 30 days.'

As a result of the seriousness of the threat, mitigated only by the fact that Remote Desktop is disabled by default on Windows, Microsoft is urging users to apply the update as soon as possible. Where that's not an option, Microsoft is asking users to enable Network Level Authentication (NLA) on Windows Vista and later, so that an attacker must successfully authenticate before reaching the vulnerable code. NLA is a mitigation rather than a fix, and enabling it will prevent Remote Desktop clients that lack NLA support, such as those on Windows XP and Windows Server 2003 without CredSSP enabled, from connecting to the server.

'We urge you to promptly apply this security update,' the company concludes. 'We also encourage you to consider how you might harden your environment against unauthenticated, attacker-initiated RDP connections.'

The update is live now for all affected platforms via Windows Update.
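Microsoft's advice above boils down to making sure no RDP listener you expose accepts an unauthenticated connection. The script below is an added example written for this article, not code from Microsoft or from the page: it performs only the first step of an RDP connection as laid out in the MS-RDPBCGR specification (an X.224 Connection Request carrying an RDP negotiation request, answered by a Connection Confirm carrying a negotiation response or failure) and reports whether the server insists on CredSSP, i.e. NLA. It offers TLS only; a server that requires NLA must refuse with HYBRID_REQUIRED_BY_SERVER, while one that accepts tells you the pre-authentication surface is reachable. It does not exercise the flaw itself. The three sample server replies at the bottom are constructed so the parser can be checked offline.

```python
"""Check whether an RDP listener enforces Network Level Authentication.

Added example for this article (not Microsoft's or the page's own code).
It speaks only the initial X.224 negotiation described in MS-RDPBCGR
and does not touch the vulnerable code path. The sample replies at the
bottom are constructed for offline use.
"""
import socket
import struct

# requestedProtocols / selectedProtocol values (MS-RDPBCGR)
PROTOCOL_RDP = 0x00000000     # standard RDP security: no NLA
PROTOCOL_SSL = 0x00000001     # TLS only: still no NLA
PROTOCOL_HYBRID = 0x00000002  # CredSSP over TLS, i.e. NLA

# failureCode values carried in RDP_NEG_FAILURE (MS-RDPBCGR)
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",
}
HYBRID_REQUIRED_BY_SERVER = 5
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03


def build_connection_request(requested_protocols):
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ."""
    # RDP_NEG_REQ: type 0x01, flags, length 8, requestedProtocols (little-endian)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # X.224 CR: LI (bytes after LI), code 0xE0, DST-REF, SRC-REF, class option
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    # TPKT: version 3, reserved, total length including this 4-byte header
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm into a small dict.

    'kind' is 'rsp' (RDP_NEG_RSP), 'failure' (RDP_NEG_FAILURE) or 'legacy'
    (no negotiation structure at all, i.e. standard RDP security only).
    """
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length mismatch")
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if li == 6:
        return {"kind": "legacy", "selected_protocol": PROTOCOL_RDP}
    if li != 14 or len(data) < 19:
        raise ValueError("unexpected X.224 length indicator")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("bad negotiation structure length")
    if neg_type == TYPE_RDP_NEG_RSP:
        return {"kind": "rsp", "selected_protocol": value}
    if neg_type == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure", "failure_code": value,
                "failure_name": FAILURE_CODES.get(value, "UNKNOWN")}
    raise ValueError("unknown negotiation type 0x%02x" % neg_type)


def nla_enforced(confirm):
    """True when the server refused a non-CredSSP request because NLA is required."""
    return (confirm["kind"] == "failure"
            and confirm["failure_code"] == HYBRID_REQUIRED_BY_SERVER)


def describe(confirm):
    """Auditor's verdict for a reply to a TLS-only (no CredSSP) request."""
    if nla_enforced(confirm):
        return "NLA required: server refused a non-CredSSP connection"
    if confirm["kind"] == "failure":
        return "negotiation failed: " + confirm["failure_name"]
    return "NLA not required: unauthenticated RDP negotiation reachable"


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during negotiation")
        buf += chunk
    return buf


def probe(host, port=3389, timeout=5.0):
    """Send a TLS-only request to a live server and parse its reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_SSL))
        head = _recv_exact(s, 4)
        total = struct.unpack(">H", head[2:4])[0]
        return parse_connection_confirm(head + _recv_exact(s, total - 4))


# Constructed server replies: TPKT + X.224 CC (+ negotiation structure)
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_TLS_ACCEPTED = bytes.fromhex("030000130ed000001234000200080001000000")
SAMPLE_LEGACY_NO_NEG = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], describe(probe(sys.argv[1])))
    else:
        for name, reply in (("nla-required", SAMPLE_NLA_REQUIRED),
                            ("tls-accepted", SAMPLE_TLS_ACCEPTED),
                            ("legacy", SAMPLE_LEGACY_NO_NEG)):
            print(name, describe(parse_connection_confirm(reply)))
```

Run it with a hostname to probe a real listener, or with no arguments to see the three constructed replies classified. A 'legacy' reply (a Connection Confirm with no negotiation structure) is the worst case for this bulletin: the server speaks only standard RDP security, cannot require NLA, and the patch is the only protection. Note that the check says nothing about whether the update is installed; it only tells you which listeners an unauthenticated attacker can negotiate with.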

4 Comments

towelie 14th March 2012, 12:22
Slightly concerning!!

But everybody knows it's a bad idea to have a port forward to RDP. VPNs, people...

Please can we see more security-related articles in general on Bit-tech?
MrDomRocks 14th March 2012, 17:25
With that in mind I just remembered to check for updates and, lo and behold, there were several ready to install. Time to restart my system to finish the security updates etc.

Thanks Bittech for keeping us well informed as per usual!
Aracos 14th March 2012, 18:06
Personally I turn it straight off as soon as I install the OS.
leexgx 15th March 2012, 21:53
It's off by default. I think you're looking at the Allow Remote Assistance box (normally used with MSN), not the Remote Desktop options (the NLA option is what I use for a company myself to manage their server).