Critical Windows bug patched

Microsoft has patched a bunch of vulnerabilities this month

Microsoft has released six security updates as part of its monthly update cycle – but one is of more interest than the others.

It fixes a critical loophole in the OS that could potentially be exploited by a worm.

The MS12-020 update patches two holes in Windows Remote Desktop Protocol (RDP), which is used for remote PC access.

It's used when IT guys take over your system to fix a problem or install software but is not enabled by default on many Windows systems.

The critical vulnerability – known as CVE-2012-0002 – could be exploited by a hacker sending multiple data packets to a system which has RDP enabled.

Exploit code

"Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days," says Microsoft in its security bulletin on the issue. "However, we expect to see working exploit code developed within the next 30 days."

Microsoft says it "strongly encourages" system admins to "make a special priority of applying this particular update" but says that "CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild".

The other vulnerabilities that have also been patched include problems with Expression Design and Visual Studio as well as a publicly disclosed vulnerability in Windows DirectWrite, part of Windows' text rendering engine.