In its lightest release of Patch Tuesday fixes this year, Microsoft issued six security bulletins today addressing seven issues mostly affecting server and desktop versions
While only one of the six bulletins is labeled “critical” – the other five are rated “important” or “moderate” – Microsoft officials advise that users make the critical fix a “March deployment priority.”
The bulletin, called MS12-020, applies to a specific subset of systems running Remote Desktop Protocol (RDP) although it is less “problematic” for those systems that have Network Level Authentication enabled, according to company officials. Still, they recommend users apply the bulletin as soon as possible. If not corrected, the flaw could permit an attacker to achieve remote code execution on a machine running RDP.
The vulnerability affects both desktop and server versions of Windows including Windows Server 2003, 2008 R2, Windows XP, Windows Vista and Windows 7. Once the patch is applied, it will require a system restart.
Analysts said the critical classification of this flaw is warranted.
“This one really scares me. It has the potential for being something very bad in the future. Microsoft is downplaying it saying RDP is not used all that much, but this (RDP) is how help desk administrators connect and get into servers,” said Jason Miller, manager of Research and Development, VMware. "RDP is powerful, useful and fast, and it comes preinstalled so there is little pre-configuration involved.”
Older systems running Windows Server 2003 and Windows XP are the most vulnerable, Miller said, because they don’t have some of the built-in security features as systems running Network Level Authentication.
“These are the systems that must be addressed right away. Users need to either turn off RDP or patch it,” Miller advised.
A second fix, rated "important," addresses a vulnerability in a DNA server that could result in a denial of service. If successfully carried out, the flaw results in an elevation of privilege once the attacker runs a specially crafted application. The attacker does however, need valid logon credentials to log on to successfully carry out the attack. This fix also requires a system restart.
A third vulnerability, also categorized as ‘important,” addresses a vulnerability among Windows kernel-mode drivers that could allow for an elevation of privilege. As in the previous important fix, attackers need valid logon credentials to log on locally to carry out the attack.
In a fourth vulnerability affecting Windows, the company has released a fix to address a flaw in DirectWrite that could result in a denial of service. For instance, in an attack involving an instant messenger, the vulnerability could cause a denial of service if hackers successfully sent a sequence of Unicode characters directly to an instant messenger client. The result is the targeted application becomes unresponsive once DirectWrite renders the sequence of characters. This security update islabeled “moderate.”
For more details on this month’s bulletins, users can visit the Microsoft Security Response Center blog.