That said, if this affects you, please read on. [EDIT] NOTE THAT EXPLOIT CODE HAS BEEN DEVELOPED -- see last few links for more.
ISC Diary | March 2012 Microsoft Black Tuesday
Microsoft warns: Expect exploits for critical Windows worm hole | ZDNet
Overview of the March 2012 Microsoft patches and their status.
RDP Flaws Lead Microsoft’s March Patch Batch — Krebs on Security
Attention Microsoft Windows administrators: Stop what you’re doing and apply the new — and very critical — MS12-020 update.Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.
Microsoft today released updates to sew up at least seven vulnerabilities in Windows and other software. The sole “critical” update in the bunch patches a particularly dangerous flaw in all supported versions of Windows that allows attackers to seize control over vulnerable systems remotely without authentication.ISC Diary | Why We Rated the MS12-020 Issue with RDP "Patch Now"
The critical update plugs two security holes in Microsoft’s Remote Desktop Protocol (RDP), a service that is designed to let administrators access Windows systems remotely over a network. The saving grace for these vulnerabilities — which are present in Windows XP, Vista and 7, and Windows Server 2003, and 2008 — is that RDP not enabled by default on standard Windows installations. That means it is far more likely to be a threat to businesses than to consumer systems.
Exploit code published for RDP worm hole; Does Microsoft have a leak? | ZDNet
Microsoft's March 2012 "Black Tuesday" announcement included the MS12-020 patch, which fixes a vulnerability in Microsoft's implementation of RDP. This vulnerability (CVE-2012-0002) could allow a remote unauthenticated attacker to execute arbitrary code on the affected system. Microsoft labeled this issue "Critical" and we assigned it our highest severity label "Patch Now" for servers. Here's why:
These factors make it very attractive for attackers to attempt reverse-engineering Microsoft's MS12-020 patch to, understand the details of the bug and craft an exploit. This will likely happen sooner than 30 days. The universal applicability of the exploit and its targetability over the Internet and internal networks might motivate the creation auto-propagating worms to capture systems quickly and efficiently.
- The CVE-2012-0002 vulnerability applies to most flavors of Microsoft Windows.
- It can be exploited over the network.
- Companies often make RDP accessible on the standard TCP port 3389 from the Internet for remote access to servers and sometimes workstations.
Microsoft confirms MAPP proof-of-concept exploit code leak | ZDNet
Chinese hackers have released proof-of-concept code that provides a roadmap to exploit a dangerous RDP (remote desktop protocol) vulnerability that was patched by Microsoft earlier this week.
The publication of the code on a Chinese language forum heightens the urgency to apply Microsoft’s MS12-020 update, which addresses a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.It also sets of alarm bells in the corridors at Redmond because there are clear signs that Microsoft’s pre-patch vulnerability sharing program has been breached or has suffered a major leak.
An embarrassing leak within the Microsoft Active Protections Program (MAPP) has led to the publication of proof-of-concept code for a serious security hole in all versions of Windows, Microsoft confirmed late Friday.RDP Flaw Found – Get Patched Now | Remote Administration For Windows