Security Protection – Harry Waldron MVP Rotating Header Image

MS12-020 Vulnerabilities – Actively targeted for Exploit development

The Microsoft March 2012 Security patches should be promptly applied to ensure corporate or home protection.   Exploit development is in process and malware authors will likely attempt to further improve malicious code that can be used in future attacks.  Below are some recent developments: 

Exploit For Ms12-020 RDP Bug Moves to Metasploit http://threatpost.com/en_us/blogs/exploit-ms12-020-rdp-bug-moves-metasploit-032012

QUOTE:  As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available. 

F-Secure documents new RDPKill sample exploit http://www.f-secure.com/weblog/archives/00002338.html

QUOTE: Since the public release of Microsoft’s MS12-020 bulletin, there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol (RDP). Last week, we received a related sample, which turned out to be a tool called “RDPKill by: Mark DePalma” that was designed to kill targeted RDP service.

Working MS12-020 RDP Exploit discovered one day after patch http://www.net-security.org/secworld.php?id=12608

QUOTE: The vulnerability in Microsoft’s Remote Desktop Protocol (RDP) implementation (MS12-020) – a patch for which has been released by during the last Patch Tuesday – has been deemed critical enough to warrant a an immediate implementation of the patch, as it was expected that an exploit for the vulnerability would pop up in the wild in fewer than 30 days.  But, as it turns out, it took only one.

Please see the March security bulletins for more details:

Microsoft Security Updates – March 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

MS12-020 – Critical to Patch due to Exploit development in the wild Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Comments are closed.