Microsoft addresses critical vulnerability in latest security update

By Stuart Sumner
14 Mar 2012 View Comments
Microsoft headquarters in Redmond

Microsoft released security patches addressing seven vulnerabilities in its products this week, including a critical flaw in Windows' Remote Desktop Protocol (RDP).

The updates include MS12-020, which closes a vulnerability in Windows Remote Desktop that Microsoft said could allow remote code execution.

Further reading

"This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol.

"The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system."

This vulnerability affects Windows XP, Vista and Windows 7 operating systems, among other Microsoft products.

Paul Henry, security and forensic analyst at Lumension, recommended that this patch be a high priority for any organisations using RDP, but suggested a workaround if the patch cannot be applied immediately.

"For all users running RDP, the highest priority is MS12-020. For those unable to patch immediately, enabling Network Level Authentication as a workaround would be a good idea."

The remaining bulletins close vulnerabilities in Windows, Microsoft's Visual Studio and Expression Design. They are all rated as less critical than the RDP patch.

Microsoft has also this week added new exploit mitigations to Internet Explorer 10, the browser that will ship with Windows 8. 

It is currently available to download as part of the consumer preview of Windows 8, itself expected to go on general release later this year.

Forbes Higman, a Microsoft security programme manager for Internet Explorer, wrote this week that these additions will make the browser harder for malware authors to exploit.

"Internet Explorer 10 introduces significant improvements in memory protections to help make vulnerabilities harder to exploit, helping to keep users safe on the sometimes-hostile web.

"These improvements will increase the difficulty and development cost of exploits, making life harder for the bad guys."

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

27 %
43 %
10 %
20 %