Patch Tuesday March 2012 fixes a set of vulnerabilities in Microsoft technologies. Interesting fixes rolled out will patch a particularly problematic pre-authentication ring0 use-after-free in Remote Desktop and a DoS flaw, a DoS flaw in Microsoft DNS Server, and several less critical local EoP vulnerabilities.
It seems to me that every time a small and medium sized organization runs a network, the employees or members expect remote access. In turn, this Remote Desktop service is frequently exposed to public networks with lazy, no-VPN or restricted communications at these sized organizations. RDP best practices should be followed requiring strong authentication credentials and compartmentalized, restricted network access.
Some enterprises and other large organizations continue to maintain a "walled castle" and leave RDP accessible for support. The problem is that RDP-enabled mobile laptops and devices will make their way to coffee shops or other public wifi networks, where a user may configure a weak connection policy, exposing the laptop to attack risk. Once infected, they bring back the laptop within the walled castle and infect large volumes of other connected systems from within. To help enterprises that may have patch rollout delays, Microsoft is providing a fix-it that adds network layer authentication to the connection, protecting against exploit of the vulnerability.
This past fall, we observed the RDP worm Morto attacking publicly exposed Remote Desktop services across businesses of all sizes with brute force password guessing. It was spreading mainly because of extremely weak and poor password selection for administrative accounts! The Morto worm incident brought attention to poorly secured RDP services. Accordingly, this Remote Desktop vulnerability must be patched immediately. The fact that it's a ring0 use-after-free may complicate the matter, but Microsoft's team is rating its severity a "1" - most likely these characteristics will not delay the development of malicious code for this one. Do not delay patch rollout for CVE-2012-0002.
Also, Microsoft's DNS servers maintain DoS vulnerabilities. With hacktivist activity hugely increasing over the past year, enterprises and providers running this software should quickly move to patch their DNS servers. Indications of attack include your standard UDP request flood.
Žádné komentáře:
Okomentovat