Microsoft Warns Of Attractive Remote Desktop Flaw

Microsoft has urged customers to patch a critical vulnerability affecting its Remote Desktop software, warning the flaw will catch the attention of cyber criminals.

This week’s Patch Tuesday was a small one of just six bulletins, yet the MS12-020 vulnerability has caused some panic as it allows for remote code execution, although Microsoft said it is not aware of any attacks in the wild.

Time to panic?

The flaw affects a specific subset of systems – those running the Remote Desktop Protocol (RDP). The fact that the RDP is disabled by default may help allay fears somewhat, as it means most systems will not be affected.

“However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Microsoft said in its blog post. “This issue is potentially reachable over the network by an attacker before authentication is required. RDP is commonly allowed through firewalls due to its utility.

“During our investigation, we determined that this vulnerability is directly exploitable for code execution. Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days.”

Companies that run Remote Desktop have been advised to enable Network Level Authentication (NLA). This function would require an attacker to authenticate to the server before attempting to exploit the flaw, mitigating the threat significantly.

“We urge you to promptly apply this security update. We also encourage you to consider how you might harden your environment against unauthenticated, attacker-initiated RDP connections,” Microsoft added.

If concerned, head to Microsoft’s advisory on the vulnerability.

This month’s Patch Tuesday also included one moderate and four important security bulletins.

How well do you know your operating systems? Take our quiz