Microsoft urges firms to apply ‘critical’ security patch for March 2012

 

Continuing our series of posts on activity in the patch arena, today we highlight Microsoft’s latest critical bulletin which has been issued to urge businesses running Windows XP Service Pack 3 (and later versions through to Windows 7) to apply the update made available in March’s Patch Tuesday release.

 

Microsoft’s monthly security update for this month resolves two vulnerabilities in the Remote Desktop Protocol (RDP).

 

This protocol, often used by system administrators to perform technical support procedures, provides a channel for connecting to another user’s computer and displaying a full graphical user interface representation of the remote machine.

 

The RDP vulnerability could potentially be exploited by hackers and used to maliciously transmit compromised data ‘packets’ over the web and, ultimately, allow code execution on a targeted machine.

 

According to Microsoft, “The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

 

It is important to reiterate this and note that although RDP is commonly used by administrators and IT support personnel when they want to gain remote control of Windows machines; it is not configured to ‘active’ status by default.

 

Microsoft has said that the majority of firms will have automatic updating enabled, but that customers who have not enabled automatic updating need to check for updates and install this update manually.

 

According to Microsoft, “For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.”

 

This month’s Patch Tuesday updates also addressed five other Windows vulnerabilities, although these are ranked as “less severe” in nature.