A critical vulnerability in the Remote Desktop Protocol (RDP) is addressed by a patch that Microsoft released for the March 2012 Patch Tuesday (patch MS12-020).

Exploit code for the RDP vulnerability has been made available online, so it’s especially important that this patch be applied as soon as possible to any Windows machines that have RDP enabled. Note that the campus Minimum Security Standard for Networked Devices dictates that

All currently available security patches must be applied on a schedule appropriate to the severity of the risk they mitigate.

We encourage you to apply all relevant Microsoft updates for any Windows machines you manage.

See also:

• Microsoft Issues Urgent Patch for ‘Wormable’ RDP Vulnerability (PC World)
• Critical update for Windows Remote Desktop (Berkeley Security website)