Wipfli Alerts & Updates: Vulnerabilities in Remote Desktop
March 22, 2012
Microsoft Security Bulletin MS12-020 is classified as critical.
On March 13, 2012, Microsoft released a security update to patch against a vulnerability that could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. According to Microsoft, the vulnerability affects users of Windows XP, Vista, and Windows 7, as well as Windows Server 2003 and 2008. Microsoft has classified this vulnerability as critical.
This vulnerability allows for remote code execution via the Remote Desktop Service. An attacker could potentially take over control on an infected computer or even create new user accounts with administrative rights. As of the time of this notification, proof-of-concept (PoC) exploits have been detected in the wild that are capable of blue screening or halting unpatched systems. Wipfli consultants have been monitoring the security community and express urgency based on PoC development progress and monetary bounties for a working remote code execution exploit. We consider it imperative that users apply the update immediately, either manually or through the Microsoft Update service.
More information can be obtained from the Microsoft Security Bulletin MS12-020.
If you have questions relating to this information, please contact Paul Johnson, Travis Kaun, or your Wipfli relationship executive.
Click here to sign up to receive future "Wipfli Alerts & Updates" email communications as they are released.