Microsoft\'s Patch Tuesday delivers one critical bulletin

Microsoft released six security bulletins to hide one critical, four important and one moderate flaw on its Patch Tuesday for March.

As revealed by SC Magazine, the patches will address seven issues in Microsoft Windows, Visual Studio and Expression Design.

Trustworthy Computing spokesperson Angela Gunn said: “We do not forget that our customers need time to assess and test all bulletins before applying them. To supply for a little scheduling flexibility, we're offering a one-click, no-reboot fix it that permits network-level authentication, a high-quality mitigation for this issue.

“It applies to Vista, Server 2008, Win7 and Server 2008R2 systems. You are able to read all about it at the SRD blog.”

Microsoft recommended specializing in the critical bulletin MS12-020 first as this patches a vulnerability in its Remote Desktop Protocol (RDP) implementation. Also patching a moderate-class issue, Microsoft said that it doesn't know of any active exploitation within the wild.

Wolfgang Kandek, CTO at Qualys, said: “RDP is a well-liked method for controlling remote Windows machines, however isn't active by default on standard Windows installations. It must be configured and began by the system's owner, which then makes the vulnerability accessible; consequently we think that just a relatively small percentage of machines may have RDP up and running.

“The vulnerability itself is out there in the course of the network, doesn't require authentication and allows code execution at the targeted machine, a highly prized combination by attackers. Microsoft has rated its exploitability index as 1, meaning that they expect working exploits to be out in fewer than 30 days.”

Jason Miller, manager of analysis and development at VMware, said: “Although Microsoft is stating that almost all machines don't have RDP enabled by default, i do know of many organisations that use RDP to troubleshoot machines. 

“This bulletin simply scares me in terms of protecting an atmosphere from future attacks. This vulnerability has the true potential to become victim to a worm outbreak whether it is not patched. Although this vulnerability may well be difficult to take advantage of, i will be able to assure you attackers may be working hard to create a sound attack against the vulnerability.”

Andrew Storms, director of security operations at nCircle, said: “The most typical use for this tool is on servers within the data centre and that is quite serious. However, this selection is primary by IT teams to support remote users, so it's often turned on in laptops and remote servers.

“This is likewise a really serious security issue for the millions of servers residing in public clouds because user-enabled RDP could be the process for access.”

Tyler Reguly, technical manager of security research and development at nCircle, said: “Today could be the month to throw the patch rulebook out the window and install this patch faster than your online business patch cycle normally allows. It is vital that enterprises apply the MS12-020 patch as quickly as possible. I'm surprised that Microsoft waited to release MS12-020 during their normal patch cycle.”

Looking on the other patches, Reguly said that as they're for DLL Preloading and native Privilege Escalation flaws, this was a typical and rather generic Patch Tuesday.

Kandek said: “Microsoft's five other vulnerabilities are less severe and will be applied within your normal patch cycles if the involved software is installed. For instance, MS12-017 is a denial-of-service attack against Microsoft DNS server; MS12-022 is a DLL preloading attack against Expression Design; and MS12-021 is an add-in weakness in Visual Studio.”