Microsoft Shuts RDP Hole

Thursday, March 15, 2012 @ 03:03 PM gHale

Microsoft released six security bulletins to close seven holes in its products. One of the bulletins, rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP), the company said.

The first of these is a “critical-class” issue in RDP an attacker could exploit to remotely execute arbitrary code on a victim’s system. Although RDP ships disabled by default, many users enable it so they can administer their systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 suffer from the issue.

Mozilla Firefox 11 Ready to Go
IE 10 Tougher to Crack
Safari Updates; Firefox Delays
Patch Tuesday Fixes Critical Holes

As the issue came to Microsoft via the Zero Day Initiative (ZDI), the software giant has yet to see any active attacks exploiting these in the wild, but warns, “due to the attractiveness of this vulnerability to attackers,” it anticipates “that an exploit for code execution will be developed in the next 30 days.” Because of this it recommends installing the updates as soon as possible.

However, as some customers “need time to evaluate and test all bulletins before applying them”, Microsoft has also provided a workaround and a no-reboot “Fix it” tool that enables Network-Level Authentication (NLA) to mitigate the problem. The company also fixed a second “moderate-class” denial-of-service (DoS) which can cripple an RDP server.

Another fixed vulnerability patches a privilege escalation issue in all versions of Windows that could allow a user with limited rights to run arbitrary code in kernel mode, that is, with system privileges. The vulnerability exists in the PostMessage function of the kernel-mode driver in win32k.sys. Another patch addresses a denial of service vulnerability in DirectX’s DirectWrite where trying to render a particular sequence of Unicode characters can lock up an application; the bug affects Vista and later versions of Windows.

An overview of all of these updates, including descriptions about each of the vulnerabilities, is on the Microsoft Security Bulletin Summary for March 2012.

Leave a Reply

You must be logged in to post a comment.