  1. #1
    Join Date
    Jul 2008
    Location
    Dallas, TX
    Posts
    107

    Critical Vulnerability in Windows RDP, Patch Now (MS12-020)

    Yesterday during Microsoft's Patch Tuesday they announced a patch for a critical vulnerability in Windows Remote Desktop. If exploited, the vulnerability would allow anyone to remotely run commands on your server.

    This bug affects all versions of Windows (XP - 7/2008 R2).
    If you have a server or workstation running RDP please patch it now. There currently is no known exploit, but Microsoft believes there will be one in the next 30 days. However, it is very likely there will be something sooner.

    A temporary fix is to enable NLA (Network Layer Authentication). This would require the attacker to have valid login credentials; however, if successfully exploited, the remote commands would run as the SYSTEM user and not as the authenticated user.

    The patch is available from Windows Update and there are manual patches linked below.

    http://technet.microsoft.com/en-us/s...letin/ms12-020
    http://blogs.technet.com/b/srd/archi...cal-issue.aspx
    Ryan G. - Limestone Networks - Network Engineer
    Cloud, Dedicated, & Enterprise Hosting - Premium Network - Passionate Support
    Resell Dedicated Servers - @LimestoneInc - 877.586.0555 x1
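
Added example, not part of the original post and not Microsoft's code: a read-only PowerShell check of what the post above asks admins to verify, namely whether RDP is listening, whether NLA is required, and whether the bulletin's update is installed. The KB id is a placeholder to replace with the number listed in the MS12-020 bulletin for your OS; the function and variable names are illustrative.

```powershell
# Read-only audit of local RDP exposure; changes nothing on the host.
param(
    # Placeholder: replace with the KB number(s) from the MS12-020 bulletin for this OS.
    [string[]]$BulletinKb = @('KB0000000')
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
# Group Policy, when set, overrides the per-listener NLA setting.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$rdpEnabled = (Get-RegValue $tsKey 'fDenyTSConnections') -eq 0

# UserAuthentication = 1 means NLA is required before a session is created.
$nlaPolicy = Get-RegValue $polKey 'UserAuthentication'
$nlaLocal  = Get-RegValue $rdpKey 'UserAuthentication'
$nla = if ($null -ne $nlaPolicy) { $nlaPolicy } else { $nlaLocal }

# Get-HotFix reads Win32_QuickFixEngineering; an empty result means "not listed there".
$missing = @($BulletinKb | Where-Object {
    -not (Get-HotFix -Id $_ -ErrorAction SilentlyContinue)
})

$report = New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = $rdpEnabled
    RdpPort     = Get-RegValue $rdpKey 'PortNumber'
    NlaRequired = ($nla -eq 1)
    MissingKb   = ($missing -join ',')
    # Flag hosts that accept RDP without NLA or without the update.
    NeedsAction = ($rdpEnabled -and (($nla -ne 1) -or ($missing.Count -gt 0)))
}
$report | Format-List
```

A changed `RdpPort` does not affect `NeedsAction`: the listener is still reachable on the new port, so only the patch and NLA state are counted.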

  2. #2
    Join Date
    Apr 2002
    Posts
    76
    Thanks for the heads up.

    It is a good idea to have NLA always enabled, BTW.

  3. #3
    Join Date
    Mar 2005
    Location
    Indiana, USA
    Posts
    937
    Thanks for sharing, Ryan!
    Jason Canady • Unlimited Net, LLC
    812.669.0551 • sales [at] unlimitednet.us
    Midwest Hosting Solutions • AS11990
    Dedicated Server Hosting

  4. #4
    Thanks for sharing! Though it's not that big of a deterrent to someone really bent on attacking my server, this thread makes me happy that I just changed the RDP port address.
    Windows 2008 R2 SP1 x64
    Core2Quad Q9650; 8GB ddr2

  5. #5
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,615
    Fun times!
    Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  6. #6
    Join Date
    Nov 2003
    Posts
    538
    Quote Originally Posted by FastServ View Post
    Fun times!
    Smells like a SQL slammer kind of summer =)
    XLHost.com
    Dedicated Servers, Virtual Private Servers, and more since 1995.
    drew @ xlhost.com

  7. #7
    Join Date
    Mar 2006
    Location
    Servers
    Posts
    1,590
    Thanks Ryan, good job.
    QHoster.com - Web Hosting with DDoS Protection | Shared & Reseller in Europe/North America
    Linux/Windows RDP VPS 13 Locations : UK, US (5 states), Mexico, Canada, Bulgaria, Lithuania,
    Italy, France, Germany, Netherlands, Switzerland, Russia, Singapore | OpenVPN/PPTP Enabled
    INSTANT | PayPal, Skrill, Payza, Bitcoin, WebMoney, Perfect Money, Ukash, CashU, paysafecard

  8. #8
    Join Date
    Mar 2009
    Posts
    391
    Working PoC already available to script kiddies, will crash unpatched servers..

    I am told 'full version' PoC will be released tomorrow .. What a nightmare !!

    http://cdn.anonfiles.com/1331835211725.rar

  9. #9
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,615
    Quote Originally Posted by XLHost View Post
    Smells like a SQL slammer kind of summer =)
    //gets ACL's ready
    Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  10. #10
    Join Date
    May 2008
    Location
    DataCenter
    Posts
    143
    thanks for the heads up
    TechWacky - The Social Tech Guide - HERE
    Currently operate servers with: Wholesale Internet, EvoSwitch, DataShack
    _) Previous servers: Limestone Networks, RapidSwitch, Poundhost, TailorMadeServers, JoesDC

  11. #11
    Went to do the manual update and it said I already have it installed.
    Windows 2008 R2 SP1 x64
    Core2Quad Q9650; 8GB ddr2

  12. #12
    Join Date
    Aug 2006
    Posts
    1,171
    WebSitePanel/ MspControl / SolidCP / Smartermail / Installation / Configuration / Troubleshooting / Migrations
    Windows Server Management / Security / Hardening
    I speak English and Spanish

  13. #13
    Thanks for the alert, Limestone. Really helpful. I hope more people see this thread and patch their Windows machines.
