Microsoft's March Patch Tuesday round of updates sees the company address a critical flaw in its Remote Desktop Protocol (RDP) across all supported versions of Windows. The vulnerability allows attackers to remotely execute code on an unpatched system that has Remote Desktop enabled. Microsoft's Remote Desktop Protocol, which is disabled by default on newer Windows installations, allows users to remotely connect to Windows desktops or servers, and is widely used amongst enterprise customers.
Microsoft is encouraging system administrators to apply its latest update as a "special priority" given the nature of the flaw. RDP is typically allowed through firewalls and Microsoft expects that working exploit code will be developed within the next 30 days. Attackers may well develop code similar to the Morto worm released late last year. Morto infected machines using RDP and allowed remote attackers to access the file system of a Windows PC. Microsoft isn't warning of a large-scale Internet worm attack, similar to Blaster and Code Red, but the company's insistence of imminent attack code should make this a priority update for all Windows users.
Thanks, Graeme Meyer!