Microsoft Fixes Critical RDP Vulnerability with March Patch Tuesday

Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol (RDP) – the same component exploited by the Morto worm in August. 

Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol (RDP) – the same component exploited by the Morto worm in August. 

The March edition of their monthly Patch Tuesday release included a critical bulletin (MS12-020) that fixes two vulnerabilities in Windows’ Remote Desktop Protocol (RDP). One of those could allow remote code execution by an attacker, Microsoft warned. The vulnerabilities affect all Windows customers, up to and including those who have Windows 7 installed on their computers.

RDP comes disabled by default on workstations running Windows. Microsoft said it hasn’t yet seen the vulnerability exploited in the wild, but that the patch is a top priority fix.  In August 2011, the Morto worm infected machines running Windows Server 2003, causing large amounts of outbound RDP traffic.

The remaining bulletins address a series of five vulnerabilities in Windows, Microsoft’s Visual Studio and Expression Design.

  • A flaw in Visual Studio (MS12-021) could allow elevation of privilege if an attacker were to place a specially designed add-in in the path used by the software and got a user with higher privileges to log on and use it.
  • In Expression Design (MS12-022) if a user were to open an .xpr or .DESIGN file in the same directory as a baited DLL file, an attacker could execute malicious code.
  • A vulnerability in supported versions of Windows Server 2003 and 2008 (MS12-017) could allow an attacker to launch a denial of service attack using a specially crafted DNS (Domain Name System) query against the server.
  • Microsoft patched a vulnerability in Windows’ Kernel-Mode Drivers that could allow a remote attacker to elevate their permissions on the system once they had logged on and run a specially crafted application (MS12-018).

Finally, a vulnerability (MS-12-019) in Windows’ text-layout API, DirectWrite, could allow a denial of service if an attacker sent a specially selected chain of characters to an instant messenger client, Microsoft warned.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.