Microsoft has just provided some details about the March operating system patches scheduled for release on Tuesday, March 13. Six patches are scheduled. Four of the patches are for current Microsoft operating systems, and the remaining two apply to Visual Studio and Expression Design.
Only one of the patches is rated CRITICAL; however, that CRITICAL rating applies to ALL current Microsoft workstation and server operating systems. With one exception, the remaining five patches are rated IMPORTANT. The exception is rated MODERATE and applies to Windows Vista/Win7 and Microsoft Server 2008 and 2008R2.
Because the vulnerability addressed by the CRITICAL patch could enable remote code execution if exploited, it is likely, based on the information currently known, that the Information Security Officer for AgriLife IT will recommend 'patch as soon as possible'. It is currently unknown whether that recommendation will include workstations AND servers.
The Microsoft advance notification is available at http://technet.microsoft.com/en-us/security/bulletin/ms12-mar
Additional information will be provided by Microsoft on March 13. The AgriLife-IT ISO will issue a patch recommendation soon thereafter.
Update March 19
The only patch given a severity rating of critical was MS12-020 (http://technet.microsoft.com/en-us/security/bulletin/ms12-020). It is a pretty significant exposure, but only for systems with remote desktop enabled. All current workstation and server operating systems have the same critical exposure. The details of the vulnerability had not been disclosed prior to today (a private disclosure). Reliable exploit code is expected to be released in the next 30 days.
ISO recommendation – Users running workstations or servers with remote desktop enabled should apply this patch immediately.
See the details of patch MS12-020 at http://technet.microsoft.com/en-us/security/bulletin/ms12-020
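To see whether the recommendation applies to a given machine, the PowerShell function below reports whether the local host accepts Remote Desktop connections. It is an added example, not taken from Microsoft's bulletin or issued by the ISO; the function name and output field names are hypothetical, and it assumes the standard Terminal Services registry locations and the TermService service name.

```powershell
# Added example: report whether this host accepts Remote Desktop connections.
function Get-RemoteDesktopExposure {
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $tcpKey    = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections: 0 = connections allowed, 1 = connections denied.
    $local  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $policy = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections

    # A value set through Group Policy takes precedence over the local setting.
    if ($null -ne $policy)    { $effective = $policy; $source = 'GroupPolicy' }
    elseif ($null -ne $local) { $effective = $local;  $source = 'Local' }
    else                      { $effective = $null;   $source = 'NotFound' }

    # The listener port defaults to 3389 but can be changed in the registry.
    $port = (Get-ItemProperty -Path $tcpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber

    # TermService is the Remote Desktop Services service; nothing listens unless it is running.
    $svc     = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    # PatchFirst (hypothetical field name) is true when remote desktop is both allowed and running.
    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        RdpAllowed     = ($effective -eq 0)
        SettingSource  = $source
        ServiceRunning = $running
        Port           = $port
        PatchFirst     = (($effective -eq 0) -and $running)
    }
}

Get-RemoteDesktopExposure | Format-List
```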
The other patches released today were much less significant. Of the four rated as important, one is for a denial of service in the Windows DNS service.
A second is an elevation of privilege vulnerability in Windows kernel-mode drivers. To exploit the second vulnerability, the user must be able to log in locally with valid credentials.
A third important vulnerability is an elevation of privilege in Visual Studio. To exploit the third vulnerability, the attacker would need to be able to log in locally with valid credentials.
The fourth and final important vulnerability is a remote code execution vulnerability in Expression Design.
Update March 20
NOTE: Late in the day on March 16, a proof-of-concept exploit was released for the vulnerability identified as MS12-020. The initial expectation was that exploit code would be released within 30 days. However, it appears that what was released on March 16 was the code used to verify the vulnerability (from approximately August 2011). For that reason, working malicious exploits are expected to appear much sooner than within the next 30 days.