Microsoft Issues Scary Warning in Otherwise Light Patch Tuesday

Microsoft on Tuesday issued its standard monthly set of software patches, and by all accounts it was a relatively uneventful month, with six patches, only one of which is rated as Critical. But that Critical fix is a big one, a remote desktop flaw that the software giant essentially promised would result in attacks within the month.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," Microsoft's Suha Can and Jonathan Ness wrote in the company's Security Research and Defense blog, setting off alarms for security researchers worldwide.

According to Microsoft, the remote desktop flaw could lead to remote code execution. And though this service, called Remote Desktop Protocol (RDP), is disabled by default in Windows, it's used by many businesses and thus is expected to be attacked quickly.

As a result, Microsoft has provided workarounds that will mitigate the issues ahead of patch deployment. The workarounds are available as Microsoft Fix It solutions, which essentially enable a feature called Network Level Authentication (NLA) for RDP.

Aside from the remote desktop flaw, this month's patches are hardly notable. The remaining fixes include flaws in various Windows, Visual Studio, and Expression Design versions. 

You can find out more about Microsoft's March 2012 security bulletins and fixes on the company's Security Response Center blog.

TAGS: Windows 8
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish