Internet Security Systems - AlertCon(TM)

March 2012 Microsoft Super Tuesday

Posted by Shane Garrett on March 13, 2012 at 1:40 PM EDT.

March was a light month for updates from Microsoft. Even so, there were three issues that are remotely exploitable that deserve special attention.

  • MS12-020 : Vulnerabilities in Remote Desktop Could Allow Remote Code Execution

    Two CVEs were addressed in the Critical update to Remote Desktop/Terminal Services. This update should definitely be applied, especially if you have RDP enabled for machines that are directly accessible via the Internet.
    CVE-2012-0002 covers a vulnerability that affects all versions of Windows and could be exploited for denial of service or remote code execution. Specially crafted RDP packets can be sent to the server causing a use-after-free situation. The vulnerable code is in a driver so this can lead to a bugcheck or possibly code execution in the context of the kernel. If Network Level Authentication is enabled in Windows 7 and 2008 environments then the attacker would need valid credentials, otherwise this attack can be performed unauthenticated.
    CVE-2012-0152 covers a denial of service vulnerability that affects the Terminal Server services on Windows 7 and 2008. An attacker using readily available tools can cause the service to stop responding due to a flaw in how the service handles connections.

  • MS12-017 : Vulnerability in DNS Server Could Allow Denial of Service

    This bulletin covers a privately reported vulnerability in the DNS Server software in Microsoft Windows 2003 and 2008, x86 and x64 versions. A memory leak exists when handling certain types of DNS query responses that can lead to the DNS Server process using a large amount of memory. The memory exhaustion can cause system performance issues as well as causing the DNS Server process to stop responding. Fortunately, the DNS Server can often recover from a memory exhaustion scenario by restarting. If you are using Windows as a DNS server it's recommended to apply this update.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.