March 2012 Patch Tuesday Overview
Microsoft has released six bulletins for the March 2012 Patch Tuesday. With this release, Microsoft is addressing seven vulnerabilities.
The primary bulletin administrators should look to address first is MS12-020. This bulletin addresses two privately reported vulnerabilities to Microsoft affecting the Remote Desktop Protocol on all supported versions of the Microsoft operating system.
If an attacker sends a specially crafted packet to a machine with RDP enabled, the attack could result in Remote Code Execution on the target machine. Although Microsoft is stating that most machines do not have RDP enabled by default, I know of many organizations that use RDP to troubleshoot machines. This Windows component comes even more into play with machines that are not physically located next to users such as virtualized machines. Using RDP is a common technique used to connect to virtualized machines.
There are a couple of varying factors with this vulnerability that could help or increase the risk of attack on a network. First, older operating systems (Windows XP, 2003) can potentially have an unauthenticated attack vector on this vulnerability. With these systems, an attacker can simply send specially crafted RDP network packets to the target system and gain full system level access. Newer versions of the Microsoft operating system (Windows Vista, 2008, 7, 2008 R2) have a security feature that can be turned on to prevent unauthenticated access. This technology, Network Level Authentication, will force an attacker to provide valid credentials to gain access to the system.
This bulletin simply scares me when it comes to protecting an environment from future attacks. This vulnerability has the real potential to become victim to a worm outbreak if this vulnerability is not patched. Although this vulnerability may be difficult to exploit, I can assure you attackers will be working hard to create a valid attack against the vulnerability. With that said, administrators should patch this bulletin immediately.
A lot of organizations have patch maintenance windows that only allow patching at certain times. If an administrator has a maintenance window later this month but wants to help mitigate the risk of this vulnerability, Microsoft has supplied a FixIt tool to enable NLA on newer operating systems. In addition, they have provided a FixIt tool to enable support for NLA on Windows XP SP3. Windows XP does not have this technology as it is an older operating system.
On the non-Microsoft front, Adobe has released an update for their ColdFusion program with security bulletin APSB12-06. This security bulletin is rated as important and addresses one vulnerability. Mozilla is hinting at releasing security updates for Thunderbird and SeaMonkey later today. So far, they have released new versions of Firefox with 10.0.3 and 3.6.28. Both of the Firefox updates are security updates.
As with any Patch Tuesday, keep your eyes and ears open for any other vendors potentially sneaking in a security update.
There have been some non-Microsoft security updates released since the February Patch Tuesday including:
With the RDP bulletin released today along with all of the other non-Microsoft security bulletins released today and during this month, administrators will have their own March Madness to deal with patching their networks.
I will be talking about the March Patch Tuesday as well as any other non-Microsoft patches that have been recently released next Wednesday, March 14th at 11:00am CST in part of our monthly Patch Tuesday webinar. Click here to register for the webinar.
- Jason Miller