Trend Micro Provides 'Pre-crime' Virtual Patch for Critical Microsoft Security Hole
Microsoft has identified a critical flaw affecting RDP (Remote Desktop Protocol) included in most versions of Windows, and they estimate that criminals will exploit it within 30 days.
Shortly after the announcement, an exploit titled MS12-020 was live and capable of crashing the target computer on Windows 7. Trend Micro provided protections against attempts to exploit the vulnerability and will continue to monitor the situation and provide updates as appropriate.
Read on for the full press release.
Exploits targeting this new system vulnerability are already out in the wild!
Singapore - In the last Patch Tuesday bulletin, Microsoft identified a critical flaw affecting Remote Desktop Protocol (RDP), included in most versions of Windows, and they estimate criminals will exploit it within 30 days.
What was supposed to be 30 days was in reality a few hours: it has now been confirmed that, shortly after the Microsoft announcement, an exploit titled MS12-020 was live and capable of crashing the target computer on Windows 7 or causing a distributed denial of service condition on Windows XP. The mission of system administrators everywhere is now twofold: to patch critical systems as quickly as possible, while minimizing critical downtime.
First and foremost there is the consideration of severity. According to Trend Micro’s CTO, Raimund Genes, the scale of the exploit could be significant -- “As a remote desktop protocol that is widely used within Enterprises this is really severe as attackers will be able to remotely control an affected system.” The critical nature of the exploit has created a call to action for administrators to patch immediately or take a system completely offline.
Trend Micro provided protections against attempts to exploit the vulnerability on Tuesday March 13, 2012, the same day it was released. Trend Micro will continue to monitor the situation and provide updates as appropriate.
Even though Microsoft has made a patch available for this critical vulnerability, we expect most organizations will struggle to deploy the patch as soon as it is available. This is due to the need to test IT systems to make sure the patch does not break existing applications, the challenge of taking down mission-critical servers, and the complexity of rolling out the patch to thousands of mobile endpoints. On average, there are over 2000 such critical software flaws every year, which is over 8 for every working day, so IT departments cannot bring all their systems up to date on all requisite patches before the exploits come out.
Trend Micro is making Paul Ferguson available to comment on the development of the RDP exploit and to discuss the following as it relates to the confirmation of MS12-020:
- All end-systems need to be patched, and as quickly as possible – period!
- Trend Micro believes that it's just a matter of time before this is made "wormable", so that a working exploit for this vulnerability could be fashioned to spread from vulnerable host to vulnerable host (i.e. like a worm), and that this could happen before the end of the weekend.
- The impact and reach potential
- The potential for the vulnerability to be exploited by a large-scale internet worm
- The hazards of “fake” exploits
- Alternative vulnerability shielding or virtual patching solutions such as Trend Micro Deep Security and Trend Micro Intrusion Defense Firewall