Six is a rather small number for this month’s round of Microsoft bulletins, but one stands out as a very critical update: MS12-020, aka, the “Remote Desktop Could Allow Remote Code Execution” vulnerability. Microsoft warned IT admin about this flaw in their MSRC (Microsoft Security Response Center) blog entry. From the MSRC blog: “We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority.”
Based on the Microsoft posting, the critical flaw applies to a fairly specific subset of systems – those running RDP – and is “less problematic for those systems with Network Level Authentication (NLA) enabled”. This could allow would-be attackers to achieve remote code execution on a machine running RDP (Remote Desktop Protocol). RDP allows remote access to systems for admins to manage them remotely. An exploit for such remote access does not require network credentials, however, systems that do not have RDP enabled are not at risk.
Other issues covered in this month’s Patch Tuesday include one moderate and four important security bulletins. IT administrators are advised to abide by the patch operating procedures for these fixes.
Trend Micro Deep Security has just released an update which addresses the critical RDP vulnerability under the rule name 1004949 – Remote Desktop Protocol Vulnerability (CVE-2012-0002). Our page on the Threat Encyclopedia also contains respective Trend Micro solutions that cover the rest of this month’s patches.
Update as of March 15, 2012, 6:12 p.m. (PST)
The update for MS12-020 is now available for Intrusion Defense Firewall (IDF), too. Deep Security currently has coverage with Deep Security Update DSRU12-006 and IDF with update 12007. Deep Security provides coverage for four vulnerabilities, while IDF provides coverage for three.