The Latest in IT Security

MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

17 Mar 2012

The vulnerability lies in a part of Windows called the Remote Desktop Protocol (RDP) and could allow malicious hackers to run code without the users’ permission. The security hole affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8.

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

In a blog post, Microsoft predicted that an exploit would be created for the vulnerability within 30 days:
“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.”

Affected software and versions:

Windows XP Service Pack 3 (KB2621440)
Windows XP Professional x64 Edition Service Pack 2 (KB2621440)
Windows Server 2003 Service Pack 2 (KB2621440)
Windows Server 2003 x64 Edition Service Pack 2 (KB2621440)
Windows Server 2003 with SP2 for Itanium-based Systems (KB2621440)
Windows Vista Service Pack 2 (KB2621440)
Windows Vista x64 Edition Service Pack 2 (KB2621440)
Windows Server 2008 for 32-bit Systems Service Pack 2 (KB2621440)
Windows Server 2008 for x64-based Systems Service Pack 2 (KB2621440)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (KB2621440)
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 (KB2621440)
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 (KB2667402)
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 (KB2621440)
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 (KB2667402)
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB2621440)
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB2667402)
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (KB2621440)
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (KB2667402)

For detailed information on the bulletin and the vulnerabilities it addresses, please visit:
http://technet.microsoft.com/en-us/security/bulletin/ms12-020

We recommend that users set Windows Update to "Install updates automatically" mode so that important patches are applied automatically.
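
To confirm whether a given machine is both exposed (RDP enabled) and missing the updates listed above, a local check along these lines can be used. This is an added example, not code from Microsoft or the bulletin; the function names are hypothetical, and it assumes Windows PowerShell is available and that Windows 7 / Server 2008 R2 (version 6.1) need both KBs while the other listed systems need only KB2621440, as the list above indicates.

```powershell
# Added example (not from the bulletin): local RDP exposure and MS12-020 patch check.
# KB numbers are taken from the affected-software list; function names are hypothetical.

function Test-RdpEnabled {
    # A Group Policy value, when present, overrides the local setting.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
        'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name fDenyTSConnections -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            # fDenyTSConnections = 0 means incoming RDP connections are allowed.
            return ($item.fDenyTSConnections -eq 0)
        }
    }
    return $false   # value absent everywhere: RDP is off by default
}

function Get-Ms12020Status {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Windows 7 and Server 2008 R2 report version 6.1.x and are listed with both KBs.
    $required = @('KB2621440')
    if ($os.Version -like '6.1.*') { $required += 'KB2667402' }

    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    $missing   = @($required | Where-Object { $installed -notcontains $_ })
    $rdp       = Test-RdpEnabled

    # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OSVersion  = $os.Version
        RdpEnabled = $rdp
        MissingKBs = ($missing -join ', ')
        AtRisk     = ($rdp -and ($missing.Count -gt 0))
    }
}

Get-Ms12020Status | Format-List
```

A KB reported as missing is a prompt to investigate rather than proof: a later update that supersedes it would not appear under the same ID.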
