Microsoft patch ms12-020 - Free Download
This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. Systems that do not have RDP enabled are not at risk. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerability by modifying the way that the Remote Desktop Protocol processes packets in memory.
For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically.
Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article. For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
See also the section, Detection and Deployment Tools and Guidance, later in this bulletin. The following software has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected.
To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.

Will I still be offered this update?
Although systems that do not have RDP enabled are not at risk from the vulnerabilities, customers who have not enabled RDP will still be offered this update in order to help ensure the protection of their systems.

Where are the file information details?
Refer to the reference tables in the Security Update Deployment section for the location of the file information details.

I am using an older release of the software discussed in this security bulletin. What should I do?
The affected software listed in this bulletin has been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle website. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options.
Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information website, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager.
The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.
For more information, see Microsoft Exploitability Index. A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:
If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities. TCP port is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability.
This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter.
If you cannot disable the Windows Firewall exception for Remote Desktop, you may be able to reduce the scope of this vulnerability by setting the default value of all computers, including those on the Internet, to the local network. Doing this helps reduce the likelihood of attacks from the Internet.
If you are using this feature, you should validate that this port is also blocked from the Internet in addition to port. Note: It is possible to manually change the affected components to use other ports.
If you have performed these actions, you should also block those additional ports. You can enable Network Level Authentication to block unauthenticated attackers from exploiting this vulnerability. With Network Level Authentication turned on, an attacker would first need to authenticate to Remote Desktop Services using a valid account on the target system before the attacker could exploit the vulnerability.
In order to use Network Level Authentication, your environment must meet the following requirements:

What is the scope of the vulnerability?
This is a remote code execution vulnerability.

What causes the vulnerability?
The vulnerability is caused when the Remote Desktop Protocol processes a sequence of specially crafted packets, resulting in the access of an object in memory that has not been properly initialized or has been deleted.

RDP allows remote users to access all of the data and applications on their computers.

Is remote desktop enabled by default?
No, RDP for administration is not enabled by default. However, customers who have not enabled RDP will still be offered this update in order to help ensure the protection of their systems. For more information regarding this configuration setting, see the TechNet article, How to enable and to configure Remote Desktop for Administration in Windows Server

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.

How could an attacker exploit the vulnerability?
A remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.

What systems are primarily at risk from the vulnerability?
Terminal servers are primarily at risk from this vulnerability.

What does the update do?
The update addresses the vulnerability by modifying the way that the Remote Desktop Protocol processes packets in memory.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.
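One way to check a single host against the points above (RDP enabled, Network Level Authentication required, update installed), as an added example that is not part of the bulletin. The registry value names are the standard Terminal Services settings rather than anything taken from this page, and the function names are hypothetical.

```powershell
# Added example, not from the bulletin. Reads local configuration only.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp    = Join-Path $ts 'WinStations\RDP-Tcp'

# Group Policy values, when present, override the local setting.
function Get-TsSetting {
    param([string]$Name, [string]$LocalPath)
    foreach ($path in @($policy, $LocalPath)) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

function Get-RdpExposure {
    # KB2621440 is the Windows 7 update named on this page; pass the id
    # that applies to the operating system being checked.
    param([string]$KbId = 'KB2621440')

    $deny = Get-TsSetting -Name 'fDenyTSConnections' -LocalPath $ts
    $nla  = Get-TsSetting -Name 'UserAuthentication' -LocalPath $tcp
    $port = Get-TsSetting -Name 'PortNumber'         -LocalPath $tcp

    $rdpEnabled  = ($null -ne $deny) -and ($deny -eq 0)
    $nlaRequired = ($nla -eq 1)
    # Get-HotFix lists only updates recorded individually; a later superseding
    # update can replace the same files without this id appearing.
    $patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    $finding = if (-not $rdpEnabled) { 'RDP not enabled: not at risk, update still offered' }
               elseif ($patched)     { 'RDP enabled, update installed' }
               elseif ($nlaRequired) { 'Unpatched: NLA limits exposure to holders of a valid account' }
               else                  { 'Unpatched, RDP reachable without authentication: apply the update' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $rdpEnabled
        NlaRequired = $nlaRequired
        ListenPort  = $port      # also block this port if it was changed from the default
        UpdateFound = $patched
        Finding     = $finding
    }
}

Get-RdpExposure | Format-List
```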
Manage the software and security updates you need to deploy to the servers, desktop, and mobile systems in your organization. The Microsoft TechNet Security website provides additional information about security in Microsoft products. Security updates are available from Microsoft Update and Windows Update.
Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update." Finally, security updates can be downloaded from the Microsoft Update Catalog. The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs.
By searching using the security bulletin number (such as "MS"), you can add all of the applicable updates to your basket, including different languages for an update, and download to the folder of your choosing.
Microsoft provides detection and deployment guidance for security updates. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.
For more information, see Microsoft Knowledge Base Article

Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. Note Microsoft discontinued support for SMS 2. Customers are encouraged to upgrade to System Center Configuration Manager.
See also Downloads for Systems Management Server For more detailed information, see Microsoft Knowledge Base Article Summary list of monthly detection and deployment guidance articles. Updates often write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time it takes to deploy security updates. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit.
The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.
For information about the specific security update for your affected software, click the appropriate link:
CVE-2012-0002: A closer look at MS12-020’s critical issue
Removing the Update This security update supports the following setup switches. For systems running RDP without Network-Level Authentication (NLA) enabled, this post includes information on a mitigation that may be applied in advance of the bulletin. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. Microsoft has released security bulletin MS
Download Security Update for Windows 7 (KB2621440) from Official Microsoft Download Center
Windows 7 all editions Reference Table The following table contains the security update information for this software. However, the history of Microsoft Security Updates is replete with such examples -- and MS is no different than dozens of security updates that have come before. The articles may contain known issue information. Customers should apply all updates offered for the version of Microsoft Windows installed on their systems. July 31, Version: Just to reiterate, remote desktop is not enabled by default and is not commonly enabled on client workstations.
MS12-020: Vulnerabilities in Remote Desktop could allow remote code execution: March 13, 2012
If the Allow connections only from computers running Remote Desktop with Network Level Authentication check box is selected and is not enabled, the Require user authentication for remote connections by using Network Level Authentication Group Policy setting has been enabled and has been applied to the RD Session Host server. No user interaction is required, but installation status is displayed. Dave S Dave Schafer. The update addresses the vulnerability by modifying the way that the RDP service processes packets. For all supported bit editions of Windows XP: To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners. Any use of this information is at the user's risk. We understand and appreciate that our customers often need time to evaluate and install bulletins as appropriate for their environment. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information. Note Attributes other than the file version may change during installation.