Microsoft Fixes Critical RDP Vulnerability with March Patch Tuesday

Author: Chris Brook
minute read

Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol (RDP) – the same component exploited by the Morto worm in August. 

Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol (RDP) – the same component exploited by the Morto worm in August. 

The March edition of their monthly Patch Tuesday release included a critical bulletin (MS12-020) that fixes two vulnerabilities in Windows’ Remote Desktop Protocol (RDP). One of those could allow remote code execution by an attacker, Microsoft warned. The vulnerabilities affect all Windows customers, up to and including those who have Windows 7 installed on their computers.

RDP comes disabled by default on workstations running Windows. Microsoft said it hasn’t yet seen the vulnerability exploited in the wild, but that the patch is a top priority fix.  In August 2011, the Morto worm infected machines running Windows Server 2003, causing large amounts of outbound RDP traffic.

The remaining bulletins address a series of five vulnerabilities in Windows, Microsoft’s Visual Studio and Expression Design.

  • A flaw in Visual Studio (MS12-021) could allow elevation of privilege if an attacker were to place a specially designed add-in in the path used by the software and got a user with higher privileges to log on and use it.
  • In Expression Design (MS12-022) if a user were to open an .xpr or .DESIGN file in the same directory as a baited DLL file, an attacker could execute malicious code.
  • A vulnerability in supported versions of Windows Server 2003 and 2008 (MS12-017) could allow an attacker to launch a denial of service attack using a specially crafted DNS (Domain Name System) query against the server.
  • Microsoft patched a vulnerability in Windows’ Kernel-Mode Drivers that could allow a remote attacker to elevate their permissions on the system once they had logged on and run a specially crafted application (MS12-018).

Finally, a vulnerability (MS-12-019) in Windows’ text-layout API, DirectWrite, could allow a denial of service if an attacker sent a specially selected chain of characters to an instant messenger client, Microsoft warned.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.