Microsoft’s latest Patch Tuesday is a light one, with just one critical bug. However, IT admins should be warned: it’s a biggie.

There are a total of six vulnerabilities that will be patched, but just one critical security flaw. MS12-020 fixes two vulnerabilities in the Remote Desktop Protocol (RDP). The flaw, which affects all versions of Windows, could leave a machine vulnerable to remote code execution, enabling someone to get behind a company’s firewall.

Microsoft has warned IT admins to rush through this patch as it will almost certainly be targeted by attackers.

"We are not aware of any attacks in the wild," said Suha Can and Jonathan Ness, on Microsoft’s Security blog. "However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

Wolfgang Kandek of Qualys said "all of your focus" should be on the RDP vulnerability and IT admins should ensure the patch is pushed out as quickly as possible.

"Within the week apply the patch on your Windows machines that are running the RDP service and are Internet facing," he wrote. "Within the month patch the rest of your systems – both external and internal. While the main attack vector is directly through the Internet, it is likely that malware will be equipped with the exploit for the RDP vulnerability, and that it will be used for internal malware propagation."

Tyler Reguly, technical manager of security research and development at nCircle, suggested Microsoft should have released a patch earlier to fix this vulnerability.

"Today is a flashback of the bad old Patch Tuesdays. Remote, unauthenticated vulnerability attacks are becoming a rarity these days with end user and client software being the attack vector of choice recently. Today brings back a scary, old buzzword though, it’s ‘wormable.’ It’s a scary word, but MS12-020 makes it completely possible," he said.

"Today might be the month to throw the patch rulebook out the window and install this patch faster than your enterprise patch cycle normally allows. It’s critical that enterprises apply the MS12-020 patch as quickly as possible," Reguly added. "I’m surprised that Microsoft waited to release MS12-020 during their normal patch cycle."