Wednesday, March 14, 2012

A closer look at MS12-020's critical issue

A blog post on was brought online that more closely describes the issue with the MS12-020 vulnerability, possible workarrounds and affected systems. Follow the link on the end of this blog post to read the whole article.

"...Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals:
To strongly encourage you to make a special priority of applying this particular update;
To give you an option to harden your environment until the update can be applied.

Note that CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild. Additionally, the remote desktop protocol is disabled by default. However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.

We understand and appreciate that our customers often need time to evaluate and install bulletins as appropriate for their environment. For systems running RDP without Network-Level Authentication (NLA) enabled, this post includes information on a mitigation that may be applied in advance of the bulletin..."


No comments:

Post a Comment