Public proof-of-concept code matches info Microsoft sent to partner companies

Mar 17, 2012 10:32 GMT

On Tuesday, March 13th, Microsoft made available a new batch of security updates for the Windows client and other products, in an attempt to patch a variety of vulnerabilities that were found to affect them.

Among them, there was a security bulletin rated Critical, meant to patch two vulnerabilities found in the Remote Desktop Protocol in Windows.

As mentioned in our article detailing the update, the most severe of these vulnerabilities could allow for remote code execution, provided that an attacker sent a sequence of specially crafted RDP packets to an affected system.

The Remote Desktop Protocol (RDP) is disabled by default on all Windows operating systems. Systems with RDP disabled are not at risk, Microsoft says.

However, the company also warns that proof-of-concept code to exploit the vulnerability is now public. The code could allow only for denial of service, Microsoft notes, adding that they are not aware of publicly available code for remote code execution.

“We recommend customers deploy MS12-020 as soon as possible, as this security update protects against attempts to exploit CVE-2012-0002,” Yunsun Wee, director, Trustworthy Computing, notes in a blog post.

“Additionally we have offered a one-click Fix It to help mitigate risk for those customers who need time to test the update before deploying it.”

At the same time, the Redmond-based company notes that the proof-of-concept code appears to match the vulnerability information that it shared with Microsoft Active Protections Program (MAPP) partners.

Basically, the company confirms that the code might have leaked either from Microsoft itself or from one of its partner companies. At the moment, it is investigating the disclosure of these details.

“Consistent with the charter of the MAPP program, we released details related to the vulnerabilities addressed in MS12-020 to MAPP partners under a strict Non-Disclosure Agreement in advance of releasing the security bulletin,” Yunsun Wee continues.

“Security software partners use this type of information to build enhanced customer protections that, in many cases, provide customers with more time to make optimal deployment decisions for their environments.”

The leaked code is not definitive, and can only crash systems at the moment. Microsoft also notes that users who have applied the latest security update, as well as those who have RDP disabled, should not be affected by it.