Robert Ono, IT security coordinator for UC Davis, is urging everyone at UC Davis who uses Windows operating systems to immediately apply the Microsoft MS12-020 security patch, released in mid-March. In a message to the campus, he writes:
"The Microsoft MS12-020 security patch for Windows operating systems corrects a vulnerability that permits remote code execution--without authentication--on a computer that has Windows Remote Desktop Protocol (RDP) services enabled. Exploit code for this vulnerability has been leaked to the Internet. This RDP vulnerability affects current versions of the Windows operating system.
"If you have questions regarding whether MS12-020 has been applied to your university computer, please consult your unit technical support staff. For your home computer, you can run Windows Update to apply this security patch.
"For more detailed information about this vulnerability and security patch, please consult the Microsoft technical bulletin."
PC World posted an updated article by Tony Bradley about the patch and underlying problem on March 19. "I know it seems a bit melodramatic, and it's easy to dismiss security experts claiming the 'sky is falling,' " he concludes. "But, when SQL Slammer wormed its way around the world and crippled the Internet in under an hour, it exploited a flaw that Microsoft had published a patch for many months earlier. Don't let MS12-020 become another SQL Slammer. Patch it now."