Yikes! Install MS12-020 ASAP for RDP vulns.

Drop everything and protect yourself against CVE-2012-0002. Microsoft (NASDAQ:MSFT) is warning about critical vulnerabilities in the Remote Desktop Protocol (RDP) service. There's a patch, MS12-020, or a workaround if you prefer. In IT Blogwatch, bloggers scramble to harden their Windows boxes.

By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: To some people, time zones are just a fancy way of sounding important...

    Gregg Keizer reports:

MS12-020 patches a pair of bugs in...RDP, a component that lets users remotely access a PC or server. ... The critical vulnerability...CVE-2012-0002, could be exploited by an attacker who simply sends specially-crafted data packets.


Microsoft...expects reliable exploits to appear within 30 days, and rank[ed] the update as the one to patch before all others...but Microsoft also offered a temporary workaround...[which] adds another layer of security by requiring Network Level Authentication. ... [U]nlike the patch, [this doesn't] require a system reboot, which may make server administrators skittish about applying MS12-020.   

    Ryan Naraine adds:

Stop what you’re doing and apply the...MS12-020 update. ... The vulnerability, which affects all versions of Windows, was privately reported to Microsoft via the ZDI vulnerability broker service.


Although RDP is disabled by default, Microsoft is urging all Window users to treat this issue with the utmost priority. ... In all, Microsoft shipped six security bulletins...this month...address[ing] seven documented vulnerabilities in Microsoft Windows, Visual Studio and Expression Design.   

Microsoft's Suha Can and Jonathan Ness "strongly encourage you":

Developing a working exploit will not be trivial. ... However, we expect to see working exploit code developed within the next 30 days. ... [Here are] instructions to enable NLA interactively or via group policy. ... We’ve [also] prepared a one-click “Fix it” solution that takes a registry-based approach.


We urge you to promptly apply this security update. We also encourage you to consider how you might harden your environment.   

What does it all mean, Brian Krebs?

That means it is far more likely to be a threat to businesses than to consumer systems.   

Um, OK, but what does it all mean, Dan Goodin?

That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to...Nimda and Code Red.


It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on...industrial control systems and SCADA.   

Meanwhile, Ed Bott doesn't see the patch roll out to the Windows 8 'beta':

I was intrigued to see four updates available for the...Consumer Preview. [They] didn’t include the big MS12-020 fix...[which] suggests that the vulnerability is already fixed in the Consumer Preview code.   

And Finally...
To some people, time zones are just a fancy way of sounding important

Don't miss out on IT Blogwatch:

Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch, for which he has won ASBPE and Neal awards. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can read Richi's full profile and disclosure of his industry affiliations.


Copyright © 2012 IDG Communications, Inc.

Shop Tech Products at Amazon