RDP, IE Security Fixes Top Microsoft Patch Tuesday


Fixes for Internet Explorer and Remote Desktop Protocol (RDP) headline this month’s edition of Microsoft's Patch Tuesday. The Redmond, Washington-based company has issued three bulletins listed as “critical” and four bulletins listed as “important” as channel partners and other IT leaders seek to make their infrastructure more secure as the number of worldwide attacks continues to escalate.

On the critical list, Bulletin MS12-036 resolves a privately reported vulnerability in the Remote Desktop Protocol that could allow remote code execution via malicious RDP packets sent to an infected system.

“The RDP one is a bit scary,” said Jason Miller, manager of research and development at VMware. “Attackers don't even need to know anything about your network. They just need you to have RDP enabled. The protocol is used by administrators for the virtualization of servers, remote management and other functions. So, RDP is probably going to be enabled on most of the machines on the network. This is an extremely important patch that deserves immediate attention.”

[Related: Seven Microsoft Security Bulletins For Patch Tuesday]

Bulletin MS12-037 is a critical update eliminating a vulnerability in Internet Explorer that could allow remote code delivered through a compromised website. An attacker who has successfully exploited any of these vulnerabilities could gain the same user rights as the current user.

“I think this vulnerability will be used in attacks sooner than any of the other ones on this list,” said Marc Maiffret, CTO of BeyondTrust. “This is actually a variety of different Internet Explorer vulnerabilities that impact all the versions of the browser. These are a lot more straightforward to actually exploit, so I think we'll see that used fairly quickly in the wild.”

Marcus Carey, security researcher at Rapid7, also puts the IE vulnerabilities at the top of his patch list due to the wide deployment of the Microsoft browser. “The Internet Explorer bulletin is definitely interesting because browser related exploits are by far the number one vehicle of attack from a criminal perspective and from an APT perspective,” he said. “Given the sheer number of desktops involved, I think it should be taken very seriously.”

The third critical bulletin, MS12-038, resolves a vulnerability to the Net Framework that could allow remote code execution on a client system via a compromised website if the user is running a web browser that can run XAML applications. The vulnerability could also be used by Windows Net applications to bypass code access security restrictions. In addition, malicious websites and websites that accept or host user-provided content or advertisements could contain malicious content that could exploit this vulnerability, as well.

NEXT: Here’s What’s “Important”