Microsoft Security Bulletin – Remote Desktop Vulnerabilities Could Allow Remote Code Execution

0
Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someonePrint this pagePin on PinterestShare on TumblrBuffer this pageShare on RedditShare on StumbleUpon

Microsoft have released a Security Bulletin (MS12-020) outlining some vulnerabilities in Microsoft’s RDP protocol implementation.

These vulnerabilities are important to take into consideration when using 2X Remote Application Server since connectivity can be established using the Microsoft RDP Protocol.

The security bulletin encourages Network Administrators to apply the update, as well as reconsidering and hardening the environment to avoid any vulnerability until the update is implemented.

The security update addresses two issues identified by Microsoft; the worst case scenario being the ability to execute remote code if an attacker sends a sequence of specially crafted RDP packets to an affected system.

Microsoft posted a closer look at this update available here which covers how to harden your environment by enabling Network Level Authentication.  There is also a Fixit Utility which can be deployed so that NLA is enabled on client machines.

Useful links:

1. Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms12-020
2. Closer look: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
3. How to configure NLA: http://technet.microsoft.com/en-us/library/cc732713.aspx

 

Giorgio Bonuccelli is a Marketing and Communications Director at Parallels. Giorgio has extensive experience in cloud computing and virtualization, with a background of many years in multinational corporations (Dell, EMC and McAfee). In his career he has filled different roles, from sales to training and marketing. This wide-ranging experience and flexibility helps him simplify concepts and write content that is easy to read and understandable even by newcomers to the subject. As a blogger and technical writer he has published more than 1000 papers.