Urgent Patch for dangerous ‘Wormable’ RDP

March 14th, 2012 by Stephen Jones Leave a reply »

Microsoft released six new security bulletins yesterday for the March 2012 Patch Tuesday

One of those six is a very dangerous flaw in RDP (Remote Desktop Protocol) (remember  CodeRed, Nimda, and SQL Slammer?)   RDP allows remote access to systems–often to serversfor remote managmenet –and an exploit would not even require network credentials. This is also a very serious security issue for the millions of servers residing in public clouds where user-enabled RDP is likely to be the method for access.

Microsoft emphasizes in a Microsoft Security Response Center blog post that organizations using NLA (Network Level Authentication) are at significantly less risk. NLA adds an authentication layer that would make it much harder for an exploit of the RDP flaws to work.

The MS12-020 fix requires a server reboot,  and you may be  reluctant to apply patches without first testing these  so as a temporary workaround, Microsoft has developed a one-click, no-reboot Fix-It that enables NLA to mitigate the issue. 

Note: ,  NLA is only native on Windows Vista and later versionsi.e.  Windows 7, Windows Server 2008, and Windows Server 2008 R2. There is,  client software available to make NLA work with Windows XP if necessary.


Leave a Reply

You must be logged in to post a comment.