MS12-020 and Citrix XenDesktop

Last Tuesday Microsoft has released a critical hotfix affecting Remote Desktop Services for versions of Windows commonly used as part XenDesktop and XenApp environments. Microsoft is strongly recommending that customers apply this immediately.

Click here for more information about this patch.

Citrix has tested this patch with XenApp and XenDesktop, and is listed in the Microsoft Security Patch Validation Report for March 2012.

Microsoft’s March 2012 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are Continue reading “MS12-020 and Citrix XenDesktop”

MS12-020: Critical RDP security issue

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Continue reading “MS12-020: Critical RDP security issue”