Microsoft warns of critical hole

IT departments which are thinking that they can sit on the latest wave of patches from Microsoft might want to change their minds, pronto.

Normally there is a time lag between Redmond issuing patches and them being rolled out by the IT department.

However, in a statement from Microsoft, the IT department should roll out MS12-020, which was released in this month’s Patch Tuesday, as soon as possible.

The patch fixes two vulnerabilities in the Remote Desktop Protocol (RDP). One is critical and the other is moderate.

Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, wrote from her bog that both problems were disclosed to Microsoft.

While the Vole does not know of any active exploitation in the wild, the first flaw is nasty for those who run RDP and is less problematic for those systems with Network Level Authentication (NLA) enabled.

It would allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration) if the machine does not have NLA enabled. It means that the attacker would not require authentication for RCE access.

RDP enables remote access from the web, but preferably to an authenticated user. The flaw means that an attacker can potentially take complete control of the computer. If it succeeds, an attacker can bypass standard memory protection measures, however, they will have access at the kernel level. RDP is the default in cloud-based installations such as Amazon’s AWS.