[Micronet] RDP Vulnerabilities Urgent!

Luke Rockwell

Summary: There’s a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.

 

Attention Microsoft Windows administrators: Stop what you’re doing and apply the new — and very critical — MS12-020 update.

Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.

From the bulletin:

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerability, which affects all versions of Windows, was privately reported to Microsoft via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild.

Although RDP is disabled by default, Microsoft is urging all Windows users to treat this issue with the utmost priority.

http://technet.microsoft.com/en-us/security/bulletin/ms12-020


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] RDP Vulnerabilities Urgent!

Jeff Anderson-Lee
Win7: Control Panel > System > Remote Settings > Don't allow connections to this computer.

Just Say NO.

Jeff Anderson-Lee

On 3/14/2012 9:24 AM, Luke Rockwell wrote:

Summary: There’s a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.

 

Attention Microsoft Windows administrators: Stop what you’re doing and apply the new — and very critical — MS12-020 update.

Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.

From the bulletin:

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerability, which affects all versions of Windows, was privately reported to Microsoft via the ZDI vulnerability broker service and the company said it was not yet aware of any attacks in the wild.

Although RDP is disabled by default, Microsoft is urging all Windows users to treat this issue with the utmost priority.

http://technet.microsoft.com/en-us/security/bulletin/ms12-020



 

Re: [Micronet] RDP Vulnerabilities Urgent!

Allison Henry

FYI additional information and mitigations for this vulnerability have
been posted to the ucb-security mailing list. I would encourage anyone
who is responsible for the security of campus systems to join the list,
in order to receive security alerts as well as other important
information concerning campus IT security programs.

I have also posted some information on MS12-020 to the Berkeley Security
website:

https://security.berkeley.edu/node/278

In addition to immediate patching, the article includes some mitigations
that can help protect systems running RDP. Thanks all,

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

On 3/14/2012 11:43 AM, Jeff Anderson-Lee wrote:

> Win7: Control Panel > System > Remote Settings > Don't allow connections
> to this computer.
>
> Just Say NO.
>
> Jeff Anderson-Lee
>
> On 3/14/2012 9:24 AM, Luke Rockwell wrote:
>>
>> */Summary:/* /There’s a remote, pre-authentication,
>> network-accessible code execution vulnerability in Microsoft’s
>> implementation of the RDP protocol./
>>
>>  
>>
>> Attention Microsoft Windows administrators: Stop what you’re doing and
>> apply the new — and very critical — MS12-020
>> <http://technet.microsoft.com/en-us/security/bulletin/ms12-020> update.
>>
>> Microsoft is warning that there’s a remote, pre-authentication,
>> network-accessible code execution vulnerability in its implementation
>> of the RDP protocol.
>>
>> From the bulletin:
>>
>> /A remote code execution vulnerability exists in the way that the
>> Remote Desktop Protocol accesses an object in memory that has been
>> improperly initialized or has been deleted. An attacker who
>> successfully exploited this vulnerability could run arbitrary code on
>> the target system. An attacker could then install programs;
>> view, change, or delete data; or create new accounts with full user
>> rights./
>>
>> The vulnerability, which affects /all versions of Windows/, was
>> privately reported to Microsoft via the ZDI vulnerability broker
>> service and the company said it was not yet aware of any attacks in
>> the wild.
>>
>> Although RDP is disabled by default, Microsoft is urging all Windows
>> users to treat this issue with the utmost priority.
>>
>> http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Re: [Micronet] RDP Vulnerabilities Urgent!

Rune Stromsness
One additional note for the public list.  According to:

http://www.zdnet.com/blog/security/exploit-code-published-for-rdp-worm-hole-does-microsoft-have-a-leak/10860

There is now active working proof-of-concept code widely available to
attackers, and everyone believes that real attacks will be widespread
well before the end of this weekend.

The Internet Storm Center has raised their threat level to yellow:
        http://isc.sans.edu/index.html

Please be sure that your system is patched or remote desktop is
completely turned off before leaving for the weekend...


Rune


On 14-Mar-12 12:15, Allison Henry wrote:

> FYI additional information and mitigations for this vulnerability have
> been posted to the ucb-security mailing list. I would encourage anyone
> who is responsible for the security of campus systems to join the list,
> in order to receive security alerts as well as other important
> information concerning campus IT security programs.
>
> I have also posted some information on MS12-020 to the Berkeley Security
> website:
>
> https://security.berkeley.edu/node/278
>
> In addition to immediate patching, the article includes some mitigations
> that can help protect systems running RDP. Thanks all,
>
> Allison Henry
> System and Network Security
> University of California, Berkeley
> http://security.berkeley.edu
>
> On 3/14/2012 11:43 AM, Jeff Anderson-Lee wrote:
>> Win7: Control Panel > System > Remote Settings > Don't allow connections
>> to this computer.
>>
>> Just Say NO.
>>
>> Jeff Anderson-Lee
>>
>> On 3/14/2012 9:24 AM, Luke Rockwell wrote:
>>>
>>> */Summary:/* /There’s a remote, pre-authentication,
>>> network-accessible code execution vulnerability in Microsoft’s
>>> implementation of the RDP protocol./
>>>
>>>  
>>>
>>> Attention Microsoft Windows administrators: Stop what you’re doing and
>>> apply the new — and very critical — MS12-020
>>> <http://technet.microsoft.com/en-us/security/bulletin/ms12-020> update.
>>>
>>> Microsoft is warning that there’s a remote, pre-authentication,
>>> network-accessible code execution vulnerability in its implementation
>>> of the RDP protocol.
>>>
>>> From the bulletin:
>>>
>>> /A remote code execution vulnerability exists in the way that the
>>> Remote Desktop Protocol accesses an object in memory that has been
>>> improperly initialized or has been deleted. An attacker who
>>> successfully exploited this vulnerability could run arbitrary code on
>>> the target system. An attacker could then install programs;
>>> view, change, or delete data; or create new accounts with full user
>>> rights./
>>>
>>> The vulnerability, which affects /all versions of Windows/, was
>>> privately reported to Microsoft via the ZDI vulnerability broker
>>> service and the company said it was not yet aware of any attacks in
>>> the wild.
>>>
>>> Although RDP is disabled by default, Microsoft is urging all Windows
>>> users to treat this issue with the utmost priority.
>>>
>>> http://technet.microsoft.com/en-us/security/bulletin/ms12-020
>>>
>>>
>>>
>>>  
[...]



 
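The advice in the two replies above (turn Remote Desktop off, or make sure the host is patched before the weekend) can be verified per machine. The script below is an added example and not part of any post in this thread; it assumes PowerShell 3.0 or later, and `KB0000000` is a placeholder for the update number the MS12-020 bulletin lists for your OS.

```powershell
# Added example (not from the thread). Run locally in an elevated session.
param(
    # Placeholder: use the KB number the MS12-020 bulletin lists for this OS.
    [string]$HotFixId = 'KB0000000'
)

function Get-RdpExposure {
    param([string]$HotFixId)

    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # fDenyTSConnections: 1 = refuse connections, 0 = allow them.
    # A Group Policy value, when present, overrides the Control Panel setting.
    $local  = (Get-ItemProperty $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $policy = (Get-ItemProperty $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $deny   = if ($null -ne $policy) { $policy } else { $local }

    # The listener port is configurable, so read it instead of assuming 3389.
    $port = (Get-ItemProperty "$tsKey\WinStations\RDP-Tcp" -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if ($null -eq $port) { $port = 3389 }

    # Confirm what the TCP stack is actually doing, independent of the settings.
    $listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
    $listening = @($listeners | Where-Object { $_.Port -eq $port }).Count -gt 0

    $service = Get-Service -Name TermService -ErrorAction SilentlyContinue
    # Get-HotFix only lists updates recorded in Win32_QuickFixEngineering.
    $patched = @(Get-HotFix | Where-Object { $_.HotFixID -eq $HotFixId }).Count -gt 0

    $rdpOff = ($deny -eq 1) -and (-not $listening)
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        DenyConnections = $deny
        SettingSource   = if ($null -ne $policy) { 'GroupPolicy' } else { 'Local' }
        RdpPort         = $port
        PortListening   = $listening
        TermService     = if ($service) { $service.Status } else { 'NotFound' }
        HotFixInstalled = $patched
        # Safe to leave only if the update is present or RDP is really off.
        NeedsAttention  = -not ($patched -or $rdpOff)
    }
}

Get-RdpExposure -HotFixId $HotFixId | Format-List
```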

Re: [Micronet] RDP Vulnerabilities Urgent!

Donald A Patterson
Darlene ---

You use RDP to get to your Davis Hall machine remotely.  We should make sure
you have the latest Microsoft patches.  Some information came around today
that suggests unpatched systems may well be cracked by the end of the
weekend. If you cannot do this, let me know.  We can coordinate a time for
you to log out and I can run the Windows updates for you.

 --- Don P
510-665-3530


On Wed, 14 Mar 2012, Allison Henry wrote:

>
> FYI additional information and mitigations for this vulnerability have
> been posted to the ucb-security mailing list. I would encourage anyone
> who is responsible for the security of campus systems to join the list,
> in order to receive security alerts as well as other important
> information concerning campus IT security programs.
>
> I have also posted some information on MS12-020 to the Berkeley Security
> website:
>
> https://security.berkeley.edu/node/278
>
> In addition to immediate patching, the article includes some mitigations
> that can help protect systems running RDP. Thanks all,
>
> Allison Henry
> System and Network Security
> University of California, Berkeley
> http://security.berkeley.edu
>
> On 3/14/2012 11:43 AM, Jeff Anderson-Lee wrote:
> > Win7: Control Panel > System > Remote Settings > Don't allow connections
> > to this computer.
> >
> > Just Say NO.
> >
> > Jeff Anderson-Lee
> >
> > On 3/14/2012 9:24 AM, Luke Rockwell wrote:
> >>
> >> */Summary:/* /There’s a remote, pre-authentication,
> >> network-accessible code execution vulnerability in Microsoft’s
> >> implementation of the RDP protocol./
> >>
> >>  
> >>
> >> Attention Microsoft Windows administrators: Stop what you’re doing and
> >> apply the new — and very critical — MS12-020
> >> <http://technet.microsoft.com/en-us/security/bulletin/ms12-020> update.
> >>
> >> Microsoft is warning that there’s a remote, pre-authentication,
> >> network-accessible code execution vulnerability in its implementation
> >> of the RDP protocol.
> >>
> >> From the bulletin:
> >>
> >> /A remote code execution vulnerability exists in the way that the
> >> Remote Desktop Protocol accesses an object in memory that has been
> >> improperly initialized or has been deleted. An attacker who
> >> successfully exploited this vulnerability could run arbitrary code on
> >> the target system. An attacker could then install programs;
> >> view, change, or delete data; or create new accounts with full user
> >> rights./
> >>
> >> The vulnerability, which affects /all versions of Windows/, was
> >> privately reported to Microsoft via the ZDI vulnerability broker
> >> service and the company said it was not yet aware of any attacks in
> >> the wild.
> >>
> >> Although RDP is disabled by default, Microsoft is urging all Windows
> >> users to treat this issue with the utmost priority.
> >>
> >> http://technet.microsoft.com/en-us/security/bulletin/ms12-020