Microsoft patched the vulnerability in its monthly Patch Tuesday update, but warned users that “due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.”
On March 16, Microsoft researcher Yunsun Wee said that the company had become “aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020, which we released Tuesday.”
Wee explained that the details of the proof-of-concept code appear to match the vulnerability information shared with the Microsoft Active Protections Program, hinting that one of the partners leaked the code.
“Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements”, Wee added.
Microsoft stressed the need for users to apply the patch released on Patch Tuesday. It also is making available a one-click Fix It for users who need time to test the update before deploying it.
According to a March 19 update by Symantec, the “race for remote code execution (RCE) is well underway but as of today there are still no available exploits that have achieved this target….This is a window of opportunity that should be used to ensure that you have no unnecessary Internet-facing machines using RDP unless absolutely necessary and that the patch available for MS12-020 from Microsoft is applied to limit exposure to this critical vulnerability.”