Got a Windows VPS? PATCH NOW

NickM Member
edited March 2012 in General

There's a massive RDP vulnerability with a working exploit script. I figured I'd post the alert here, since I would imagine that most of the people here who have a Windows VPS are using RDP to manage it.

Lead Developer - HostGuard Control Panel


Comments

  • ThrustVPS mailed me about this.

    Proud member of the VPS Collectors Club

  • Fuck, thanks for the advice, I will patch my company server.

  • MikHo Member

    According to MS it's 'only' targeting Windows without NLA enabled. Well... If NLA is enabled it's a little harder to exploit.

  • Jack Member

    Dear Customer,

    This is a notice of an active security alert which could pose a threat to your server with operating system of Microsoft Windows.

    Please see the alert below:

    "Yesterday, during Microsoft's Patch Tuesday they announced a patch for a critical vulnerability in Windows Remote Desktop. If exploited, the vulnerability would allow anyone to remotely run commands on your server.

    This bug affects all versions of Windows (XP - 7/2008 R2). If you have a server or workstation running RDP please patch it now. There currently is no known exploit, but Microsoft believes there will be one in the next 30 days. However, it is very likely there will be something sooner.

    A temporary fix is to enable NLA (Network Layer Authentication). This would require the attacker to have valid login credentials, however if successfully exploited the remote commands would run as the SYSTEM user and not the user authenticated."

    The patch is available from Windows Update and there are manual patches linked below.

    http://technet.microsoft.com/en-us/security/bulletin/ms12-020

    http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

    --Pritell.com
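
A local check for the two things the notice above asks about, patch status and the NLA requirement, written as an added example (not part of the notice and not Microsoft's code). The function name is hypothetical, the KB IDs are a parameter the caller fills in from the linked bulletin, and the registry values are the standard Terminal Server settings.

```powershell
# Added example: audit this host for the RDP exposure described in the notice.
function Test-RdpExposure {
    param(
        # KB article IDs of the bulletin's updates for this OS version.
        # Assumption: the caller copies them from the MS12-020 bulletin page.
        [Parameter(Mandatory = $true)][string[]]$KbIds,
        # Optional: require NLA if it is currently off (the temporary fix).
        [switch]$EnableNla
    )
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means Remote Desktop accepts connections.
    $rdpEnabled  = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0
    # UserAuthentication = 1 means the RDP listener requires NLA.
    # The value is absent on systems that cannot require NLA; treated as off.
    $nlaRequired = (Get-ItemProperty -Path $rdpKey).UserAuthentication -eq 1

    if ($EnableNla -and $rdpEnabled -and -not $nlaRequired) {
        # Caveat: clients without NLA support can no longer connect,
        # so keep console access available before changing this remotely.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
        $nlaRequired = $true
    }

    # Compare the installed updates against the requested KB IDs.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })
    $missing = @($KbIds | Where-Object { $installed -notcontains $_ })

    # NLA only raises the bar (valid credentials needed); missing KBs
    # still mean the host needs the patch.
    New-Object PSObject -Property @{
        RdpEnabled  = $rdpEnabled
        NlaRequired = $nlaRequired
        MissingKbs  = $missing
        NeedsPatch  = ($missing.Count -gt 0)
    }
}

# Usage (KB0000000 is a placeholder, not a real update ID):
# Test-RdpExposure -KbIds 'KB0000000' | Format-List
```

Run it from an elevated prompt on the server itself; it reads local state only and changes nothing unless `-EnableNla` is given.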

  • I bet that patch is a hack Microsoft made, most of their security patches are dirty little hacks.

    The Original Daniel.

  • @Daniel said: I bet that patch is a hack Microsoft made, most of their security patches are dirty little hacks.

    Better than nothing.

  • Is there a way to test? I have a server on a shared host that I more or less inherited, with limited access (FTP really).

    I mean I could download the exploit but I would prefer a quick / easy way if possible.

  • @exussum said: download the exploit

    Where can you download the exploit?

  • Infinity Retired Staff

    @Daniel said: I bet that patch is a hack Microsoft made, most of their security patches are dirty little hacks.

    Lots of companies do that... If you think Microsoft is bad for that kind of stuff, check out the antivirus companies.

    I am a troll (;

  • @notomx You should be able to find it on Google. Not sure if I should link to it.
