Microsoft warns: Expect exploits for critical Windows worm hole

If your company uses Remote Desktop, this warning is for you. An update for Microsoft’s MS12-020 is available and should be installed right away.

According to a bulletin posted by Microsoft, there’s a vulnerability in the implementation of the Remote Desktop Protocol (RDP). Specifically, “This issue is potentially reachable over the network by an attacker before authentication is required. RDP is commonly allowed through firewalls due to its utility. The service runs in kernel-mode as SYSTEM by default on nearly all platforms (except for one exception described below). During our investigation, we determined that this vulnerability is directly exploitable for code execution. Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days,” said Microsoft.

There is one way to protect yourself before the update is installed, and that’s to enable network level authentication (NLA). Enabling NLA won’t stop a hacker from exploiting the vulnerability for code execution, but the need to authenticate to the server first might be a deterrent.

Microsoft has provided instructions for enabling NLA interactively or via group policy here, or you can use the “Fix it” button here.

Is your business concerned about your overall IT security?  Don’t be, trust our team of Microsoft Professionals and top IT security specialists to take care of all your IT security requirements.  Call us today.

Comments are closed.

CONTACT US