Microsoft's scheduled "Patch Tuesday" release on March 13 included six update patches, among them one that fixes a "critical" Windows vulnerability, dubbed CVE-2012-0002, which allows hackers to remotely gain control of a computer without authentication.
The critical flaw, the only one in this month's Patch Tuesday release, was fixed in the Remote Desktop Protocol (RDP) service of the operating system; it reportedly affected all supported versions of Windows, including Windows XP, Vista and 7, and Windows Server 2003 and 2008.
According to Microsoft, the critical update chiefly plugs two security holes in the RDP service, which allows administrators to access Windows systems remotely over a network. Since RDP is not enabled by default on standard Windows installations, the vulnerabilities pose a much greater threat to businesses than to consumer systems.
Calling the flaw "a pre-authentication, remote code bug," Andrew Storms, director of security operations at nCircle Security, said: "It will allow network execution without any authentication, and has all the ingredients for a class worm."
Meanwhile, in the opinion of Dave Marcus, McAfee Labs' director of advanced research and threat intelligence, the March Patch Tuesday bulletin by Microsoft should be deemed a top priority, especially since the company has given the flaw an "exploitability index" rating of 1, implying that, by Microsoft's estimate, working exploits are likely to become available within a month's time.