Slingshot Orbit of Technology

Regarding IE 2012 Year End Vulnerability there is ‘Fix it’ available however there is no patch in Microsoft’s January Security Updates.  This could lead to an out-of-cycle patch and the current guidance is:

• For Windows 7, update to version 9 of Internet Explorer.
• Individuals using XP; install an additional browser such as Mozilla Firefox or Google Chrome
• Corporate or others required to use XP with IE 8 should apply Microsoft’s ‘Fix it’ for Internet Explorer 6, 7, and 8

Microsoft Security Bulletin MS12-020 says, “vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.”

It can be exploited over the network.
Companies often make RDP accessible on the standard TCP port 3389 from the Internet for remote access to servers and sometimes workstations.

SANS recommend applying the MS12-020 patch as quickly as practical in your environment. Until you install the patch, consider moving your RDP listeners to non-standard ports.  Additionally having NLA enabled, the vulnerable code is still present and could potentially be exploited for code execution. However, NLA would require an attacker to first authenticate to the server before attempting to exploit the vulnerability.

Reference:
KB 2671387