Microsoft addresses critical vulnerability in latest security update
The update closes seven vulnerabilities, including a critical flaw in Windows' Remote Desktop Protocol
Microsoft released security patches addressing seven vulnerabilities in its products this week, including a critical flaw in Windows' Remote Desktop Protocol (RDP).
The updates include MS12-020, which closes a vulnerability in Windows Remote Desktop that Microsoft said could allow remote code execution.
"This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol.
"The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system."
This vulnerability affects Windows XP, Vista and Windows 7 operating systems, among other Microsoft products.
Paul Henry, security and forensic analyst at Lumension, recommended that this patch be a high priority for any organisations using RDP, but suggested a workaround if the patch cannot be applied immediately.
"For all users running RDP, the highest priority is MS12-020. For those unable to patch immediately, enabling Network Level Authentication as a workaround would be a good idea."
The remaining bulletins close vulnerabilities in Windows, Microsoft's Visual Studio and Expression Design. They are all rated as less critical than the RDP patch.
Microsoft also added new exploit mitigations this week to Internet Explorer 10, the browser that will ship with Windows 8.
It is currently available to download as part of the consumer preview of Windows 8, itself expected to go on general release later this year.
Forbes Higman, a Microsoft security programme manager for Internet Explorer, wrote this week that these additions will make the browser harder for malware authors to exploit.
"Internet Explorer 10 introduces significant improvements in memory protections to help make vulnerabilities harder to exploit, helping to keep users safe on the sometimes-hostile web.
"These improvements will increase the difficulty and development cost of exploits, making life harder for the bad guys."