    Microsoft Critical Vulnerability Info May Have Leaked

    By Nicholas Kolakowski - March 19, 2012

      Microsoft is asking customers to deploy a patch for a “critical” bulletin from last week’s Patch Tuesday, after the public appearance of proof-of-concept code that apparently targets the vulnerability.

      That critical bulletin, MS12-020 (Windows), addresses an issue in Remote Desktop Protocol (RDP). While Microsoft insisted in a March 13 posting on the Microsoft Security Response Center blog that “we know of no active exploitation in the wild,” it also advised that “customers examine and prepare to apply this bulletin as soon as possible.” As it stands, the vulnerability allows an attacker to achieve remote code execution; Microsoft is offering a one-click, no-reboot Fix It “that enables Network-Level Authentication, an effective mitigation for this issue.”

      While the public proof-of-concept code results in denial of service for the RDP issue related to MS12-020, Microsoft claims to be unaware of proof-of-concept code that actually results in remote code execution. Moreover, information about the vulnerability may have been leaked.

      “The details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protections Program (MAPP) Partners,” Yunsun Wee, director of Trustworthy Computing, wrote in a March 16 corporate blog posting, three days after Patch Tuesday. “Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected.”

      Outside analysts have likewise urged everyone concerned to patch the RDP vulnerability.

      “Last fall, we saw the RDP worm Morto attacking publicly exposed Remote Desktop services across businesses of all sizes with brute-force password guessing,” Kurt Baumgartner, senior security researcher for Kaspersky Lab, wrote in a March 13 posting on Securelist. “The Morto worm incident brought attention to poorly secured RDP services. Accordingly, this Remote Desktop vulnerability must be patched immediately.”

      Unfortunately, he added, most companies fail to sufficiently secure their RDP services. “It seems to me that every time a small and medium-sized organization runs a network, the employees or members expect remote access,” he wrote. “In turn, this Remote Desktop service is frequently exposed to public networks with lazy, no-VPN or restricted communications at these sized organizations.”

      Others agreed with that assessment. “This patch should be your highest priority if you use RDP,” wrote Paul Henry, security and forensic analyst at Lumension, in reference to MS12-020.

      Nicholas Kolakowski
      Nicholas Kolakowski is a staff editor at eWEEK, covering Microsoft and other companies in the enterprise space, as well as evolving technology such as tablet PCs. His work has appeared in The Washington Post, Playboy, WebMD, AARP the Magazine, AutoWeek, Washington City Paper, Trader Monthly, and Private Air. He lives in Brooklyn, New York.
