One patch in particular is cause for concern given the worm-like capabilities of the exploit it addresses, according to experts from security performance management firm nCircle. Andrew Storms, the company's director of security operations, says the lone critical patch -- MS12-020 -- makes today a "red alert day for IT security" because the bug could grant an attacker access to the Remote Desktop Protocol used to grant remote users access to servers in the .
The threat was given the highest rating on Microsoft's exploitability index, meaning that the exploit is an "attractive target for attackers" because they "could consistently exploit that vulnerability," . Wolfgang Kandek, CTO at security solution firm Qualys, says this rating means working exploits are likely to be released in fewer than 30 days.
RSA CONFERENCE 2012:
"It's probably the first patch this year that really raises eyebrows," Kandek says. "Attackers really appreciate this type of vulnerability where you can access it through the network and you don't need to social engineer anybody to get credentials. Just by having a machine on the network with that service running you can get control of it."