Security Flaw in Remote Desktop

3/16/2012 UPDATE:

Exploit code published for RDP worm hole


I don’t always post on Windows security updates, but when I do, it’s a Dos Equis near to my heart!  Do you use Remote Desktop?  Of course you do.  That’s why you need to install this update immediately:

MS12-020: Vulnerabilities in Remote Desktop could allow remote code execution

This is important for anyone running just about any version of Windows, but especially if you’ve got any machine exposing Remote Desktop directly to the internet (such as a Terminal Server).  Fortunately there is a mitigation for those who just cannot patch tonight: enable NLA for your Remote Desktop connections.RDP - Network Level Authentication

Read more here.

Hop to it!  Microsoft says not to wait for a normal patch-cycle on this one…

One thought on “Security Flaw in Remote Desktop

  1. Was reading up on this last night, a nasty vulnerability. I’d imagine people are working on a real-world exploit as we speak.

    This could lead to a nasty RDP worm too, so definitely worth patching internally.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s