Windows users are being urged to install a patch for a critical flaw in Windows’ Remote Desktop Protocol which can lead to remote code execution.
Microsoft is warning Windows users the world over to apply the security patch released yesterday as soon as possible, following the discovery of a flaw in the Remote Desktop Protocol (RDP) server.
Security Update MS12-020, released as part of the monthly Patch Tuesday update cycle yesterday, is rated ‘critical’ by the organisation and addresses a serious flaw with the server used to provide remote access to Windows-based systems.
The company has warned that the flaw allows an attacker to exploit any Windows system running the RDP service over the network, and potentially over the internet providing RDP access is permitted through the firewall as is common for remote access. Worse still, the flaw can be exploited before authentication is requested and allows for remote code execution under the ‘system’ privilege level, giving attackers full and unrestricted access to the underlying operating system.