Microsoft Warns about Critical RDP Vulnerability | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

Microsoft Warns about Critical RDP Vulnerability

Written By
Sean Michael Kerner
Sean Michael Kerner
Mar 14, 2012
2 minute read

Microsoft’s March “Patch Tuesday” update is taking a slightly different approach than in previous months. Released today, this month’s Patch Tuesday update includes six security advisories — and for the most critical flaws, Microsoft is providing both a patch and a ‘Fix It’ update.

The critical flaws are addressed in the MS12-020 bulletin, detailing vulnerabilities in Remote Desktop Protocol (RDP). The flaws could have potentially enabled an attacker to execute arbitrary remote code.

“The patch actually fixes the problem, and the Fix It implements the workaround,” Wolfgang Kandek, CTO of security firm Qualys, told InternetNews.com.

Kandek explained that the Fix It update enables Network Layer Authentication (NLA) protocol, which mitigates the risk that the MS12-020 bulletin warns about. The Fix It also does not require a system reboot, which is required by the full patch.

“The Fix It does not cure the root cause,” Amol Sarwate, Director of Vulnerability Labs at Qualys, told InternetNews.com. “It does enough to make sure that attackers can not trigger the vulnerable condition.”

Microsoft does not normally release both a Fix It update as well as a full patch at the same time. Typically, Fix It updates have been released as a quick workaround to protect users until a full patch is made available.

“In this case, Microsoft wants users to use NLA,” Kandek said. “Microsoft is trying to steer people to review their policies around remote desktop and some users might still have a legacy setting, that is only really necessary if they use older versions that don’t support NLA.”

Sarwate noted that by releasing the Fix It update as well as the full patch, Microsoft is giving users the chance to mitigate the immediate risk, without the need to immediately do a full reboot.


Read the full story at eSecurityPlanet:
Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information