佳信科技 posted on 2012-3-19 20:54:41

Reminder from KT: Microsoft fixes high-risk Remote Desktop vulnerability

Microsoft RDP Vulnerability

Dear Resellers -

Microsoft recently released a Security Patch for a Remote vulnerability in the Remote Desktop Protocol. The vulnerability allows for remote code execution by an attacker without requiring authentication and thus has all the ingredients for a class worm virus. On March 15th, 2012 a proof of concept exploiting this vulnerability has already been released by securitylab.ru. We urge you to apply the patch for the vulnerability as soon as possible.

On the following page you can find more information regarding this Remote Vulnerability and instructions on how to patch this security issue.

- http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Through Windows Update you are also able to patch this Security risk.

APPLIES TO:
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows XP
- Windows Vista
- Windows 7

We strongly recommend you change passwords of all your Remote Desktop Accounts after applying the Security Update. Additionally, if you are connected behind a firewall, we advise you to restrict connections to your RDP port and/or set RDP to accept connections on a different port than 3389.

Krypt strongly recommends that all users use the FREE Dome9 trial for 21 days to restrict remote access into your server. The Dome9 trial can be activated under each Server in https://my.krypt.com

http://www.krypt.com/solutions/security/

Reference: https://my.krypt.com/blog/article/?id=45

thank you,
KPP

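佳信科技 posted on 2012-3-19 20:58:13

News coverage from the web:

Today is Microsoft's regular monthly security patch day, and once again we see a pile of patches and vulnerabilities. One of them deserves special attention, though, and Microsoft has also written a dedicated article asking everyone to give it particular care.

This particular vulnerability is one of the two fixed by MS12-020 KB2671387. Numbered CVE-2012-002, it is a high-risk remote code execution flaw in the Remote Desktop Protocol (RDP) that affects all versions of Windows.

Because of its special nature, RDP can generally get past firewalls, and on almost all platforms the service runs by default in kernel mode as SYSTEM. Microsoft found that one of the vulnerabilities directly allows a remote attacker to execute arbitrary code quite easily and thereby gain the highest privileges on host and client systems.

Microsoft also mentioned two exceptions that are spared: servers with Terminal Services Gateway (TSG) enabled, and Windows Server 2008 R2 SP1 using the RemoteFX remote desktop feature. Neither is affected.

If they wish, users can also enable Network Level Authentication (NLA) for Remote Desktop, which requires identity verification before a session is established with the Remote Desktop server. In that case the vulnerability still exists and can still be exploited, but only after authentication.

Microsoft says the vulnerability was reported privately and RDP is off by default, so no attacks have been observed so far, but because the problem is serious, attack code is expected to appear within the next thirty days.

Users who need Remote Desktop should install the two updates KB2621440 and KB2667402 as soon as possible; Windows XP/Vista/Server 2003/Server 2008 only need the first one.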
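
An added example, not part of the original posts or of Microsoft's bulletin: a local PowerShell audit of the points raised above (the two KB updates, NLA, and the RDP port). It assumes PowerShell 2.0 or later run with administrator rights; the warning texts are this example's own wording.

```powershell
# Added example: local audit of the MS12-020 mitigations named in this thread.
# Assumes PowerShell 2.0+ and administrator rights on the host being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# Per the report above: both updates are needed except on
# Windows XP/Vista/Server 2003/Server 2008, which need only KB2621440.
# Windows 7 and Server 2008 R2 report version 6.1.
$ver      = [Environment]::OSVersion.Version
$required = @('KB2621440')
if ($ver.Major -eq 6 -and $ver.Minor -eq 1) { $required += 'KB2667402' }

# Get-HotFix lists installed updates; a later superseding update would not
# show these IDs, so treat "missing" as a prompt to check Windows Update.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
$missing   = @($required | Where-Object { $installed -notcontains $_ })

$tsProps  = Get-ItemProperty -Path $ts
$rdpProps = Get-ItemProperty -Path $rdp

$report = New-Object PSObject -Property @{
    OSVersion      = $ver.ToString()
    RdpEnabled     = ($tsProps.fDenyTSConnections -eq 0)
    NlaRequired    = ($rdpProps.UserAuthentication -eq 1)
    RdpPort        = $rdpProps.PortNumber
    MissingUpdates = ($missing -join ', ')
}
$report | Format-List

if ($report.RdpEnabled -and $missing.Count -gt 0) {
    Write-Warning "RDP is enabled and updates are missing: $($report.MissingUpdates)"
}
if ($report.RdpEnabled -and -not $report.NlaRequired) {
    Write-Warning 'RDP accepts connections without Network Level Authentication.'
}
if ($report.RdpEnabled -and $report.RdpPort -eq 3389) {
    Write-Warning 'RDP listens on default port 3389; restrict it at the firewall.'
}
```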

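aijusq posted on 2012-3-19 21:01:02

A blue-screen exploit is already out.

老中医 posted on 2012-3-19 21:05:52

I recommend turning on automatic system updates. Today a customer who had turned off automatic updates got hit by this.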