Microsoft Security Bulletin with Remote Desktop Flaws

Posted: March 14, 2012 in Analysis, Vulnerabilities
Microsoft Security Bulletin with Remote Desktop Flaws
Microsoft+Security+Bulletin+with+Remote+Desktop+Flaws

Microsoft has released 6 updates in this month’s patch Tuesday, including a patch for a critical hole which the software maker warns could be hit within the next 30 days. Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run abitrary code on the target system. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights, Read More.
The vulnerability, which affects all versions of Windows, was privately reported to Microsoft’s via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild. The threat was given the highest rating on Microsoft’s exploitability index, meaning that the exploit is an “attractive target for attackers” because they “could consistently exploit that vulnerability,” according to Microsoft.

Also, Microsoft’s DNS servers maintain DoS vulnerabilities. With hacktivist activity hugely increasing over the past year, enterprises and providers running this software should quickly move to patch their DNS servers. Indications of attack include your standard UDP request flood.
The following is a breakdown of the issues being addressed this month:
  • MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
  • MS12-022 Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
  • MS12-017 Vulnerability in DNS Server Could Allow Denial of Service (2647170)
  • MS12-021 Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
  • MS12-019 Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
  • MS12-018 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
Among the other patches that Microsoft has issued, 4 are also marked as important. A DLL preloading issue in Expression Design has been fixed and Visual Studio’s add on also gets an issue resolved. In addition fixes for kernel and DNS system level issues have also been addressed.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s