Microsoft closes critical RDP hole in Windows.
Microsoft released six security bulletins to close seven holes. It said one of the bulletins (MS12-020), rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP). The first is a “critical-class” issue in RDP that could be exploited by an attacker to remotely execute arbitrary code. Although RDP is disabled by default, many users enable it so they can administer systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported by the Zero Day Initiative, Microsoft said it has yet to see any active attacks exploiting these in the wild, but warns, “due to the attractiveness of this vulnerability to attackers,” it anticipates “that an exploit for code execution will be developed in the next 30 days.”
Because of this, the company said installing the updates should be a priority. However, as some customers “need time to evaluate and test all bulletins before applying them,” Microsoft also provided a workaround and a no-reboot “Fix it” tool that enables Network-Level Authentication to mitigate the problem. A second “moderate-class” denial-of-service that can cripple an RDP server was also fixed. Another vulnerability is fixed in bulletin MS12-018 which provides a patch for a privilege escalation issue in all versions of Windows that could allow a user with limited rights to run arbitrary code in kernel mode, that is, with system privileges. The vulnerability exists in the PostMessage function of the kernel-mode driver in win32k.sys. Microsoft’s bulletin MS12-019 addresses a denial of service vulnerability in DirectX’s DirectWrite where trying to render a particular sequence of Unicode characters can lock up an application; the bug affects Vista and later versions of Windows.