On Patch Tuesday, Microsoft delivered a small number of fairly unimportant updates – and one security patch that is being pushed with unusual urgency.
Your individual computers are installing this automatically. If your computer restarted this week, you’re up to date. Don’t panic. If you want to see if the update was installed on your computer this week, open up Control Panel / Windows Update and click on View Update History on the left. Look for KB2621440.
I will be installing this update on all servers run by my clients in the next few days.
There is a vulnerability in Microsoft’s Remote Desktop Protocol that can be used to take control of a computer under certain circumstances. Microsoft describes it this way in its security blog:
“Security Update MS12-020 addresses two vulnerabilities in Microsoft’s implementation of the Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a Critical, remote code execution vulnerability affecting all versions of Windows. This blog post shares additional information with the following goals:
- “To strongly encourage you to make a special priority of applying this particular update;
- “To give you an option to harden your environment until the update can be applied.
“Note that CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild. Additionally, the remote desktop protocol is disabled by default. However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.”
That directly translates as: FIRE! EMERGENCY! LOCK THE DOORS! PANIC! RUN! This has the potential of turning into a Code Red / Nimda disaster for servers that don’t get patched.
I’ve seen reports that the bad guys have set up bounties and rewards for successful exploits, the sooner the better.
There are a number of reasons that the risk is mitigated in small business networks, but that doesn’t change the importance of getting this patch installed in the next week or so.
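For anyone checking several machines at once, the update-history check described above and the Remote Desktop setting Microsoft mentions can be scripted. The PowerShell below is an added example, not part of the original post: the server names are constructed placeholders, and it assumes remote WMI and the Remote Registry service are reachable on each machine.

```powershell
# Added example: report, per machine, whether the KB from the post is installed
# and whether Remote Desktop connections are currently allowed.
$Servers = @('SERVER01', 'SERVER02')   # hypothetical host names, replace with your own
$KbId    = 'KB2621440'                 # KB number given in the post

$report = foreach ($server in $Servers) {
    $patched    = 'Unknown'
    $rdpEnabled = 'Unknown'
    $note       = ''

    try {
        # List all hotfixes and filter locally. Get-HotFix -Id raises an error when
        # the KB is absent, which would be indistinguishable from a connection failure.
        $hotfix  = Get-HotFix -ComputerName $server -ErrorAction Stop |
                   Where-Object { $_.HotFixID -eq $KbId }
        $patched = [bool]$hotfix
    } catch {
        $note = "Hotfix query failed: $($_.Exception.Message)"
    }

    try {
        # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
        # This reads the local setting only; Group Policy can override it.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server)
        $key  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Terminal Server')
        $rdpEnabled = ($key.GetValue('fDenyTSConnections') -eq 0)
        $hklm.Close()
    } catch {
        $note = ($note + " Registry query failed: $($_.Exception.Message)").Trim()
    }

    New-Object PSObject -Property @{
        Server     = $server
        Patched    = $patched
        RdpEnabled = $rdpEnabled
        Note       = $note
    }
}

# Rows with Patched = False and RdpEnabled = True are the ones to update first.
$report | Select-Object Server, Patched, RdpEnabled, Note | Format-Table -AutoSize
```

A machine that reports "Unknown" could not be queried and should be checked by hand through View Update History.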
Bruceb clients: expect your servers to restart in the next few days or over the weekend!