There's a massive RDP vulnerability with a working exploit script. I figured I'd post the alert here, since I would imagine that most of the people here who have a Windows VPS are using RDP to manage it.
Comments
ThrustVPS mailed me about this.
Fuck, thanks for the advice, I will patch my company server.
ThrustVPS mailed me about this too.
According to MS it's 'only' targeting Windows without NLA enabled. Well... If NLA is enabled it's a little harder to exploit.
Dear Customer,
This is a notice of an active security alert which could pose a threat to your server with operating system of Microsoft Windows.
Please see the alert below:
"Yesterday, during Microsoft's Patch Tuesday they announced a patch for a critical vulnerability in Windows Remote Desktop. If exploited, the vulnerability would allow anyone to remotely run commands on your server.
This bug affects all versions of Windows (XP - 7/2008 R2). If you have a server or workstation running RDP, please patch it now. There currently is no known exploit, but Microsoft believes there will be one in the next 30 days. However, it is very likely there will be something sooner.
A temporary fix is to enable NLA (Network Layer Authentication). This would require the attacker to have valid login credentials; however, if successfully exploited, the remote commands would run as the SYSTEM user and not the user authenticated."
The patch is available from Windows Update and there are manual patches linked below.
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
--Pritell.com
I bet that patch is a hack Microsoft made, most of their security patches are dirty little hacks.
Better than nothing.
Is there a way to test? I have a server on a shared host that I more of inherited rather than anything, with limited access (FTP really).
I mean I could download the exploit but I would prefer a quick / easy way if possible.
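An added example, not part of the thread: the provider notice above names NLA as the temporary workaround, and whether a server enforces NLA can be read from its reply to a single RDP connection request, with no exploit code involved. The message layouts follow the public MS-RDPBCGR negotiation structures; the function names, result labels and sample replies are constructed for illustration.

```python
import socket
import struct

# Values from the public [MS-RDPBCGR] negotiation structures
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
HYBRID_REQUIRED_BY_SERVER = 0x05  # failure code: server insists on CredSSP (NLA)
PROTOCOL_RDP = 0x00               # legacy RDP security, no TLS, no NLA

# Constructed sample replies (not captured traffic), for offline use
SAMPLE_NLA = bytes.fromhex("030000130ed00000123400" "0300080005000000")
SAMPLE_LEGACY = bytes.fromhex("030000130ed00000123400" "0200080000000000")


def build_request(protocols=PROTOCOL_RDP):
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ (19 bytes)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, protocols)
    x224 = bytes([6 + len(neg_req), 0xE0, 0, 0, 0, 0, 0]) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify(reply):
    """Interpret the server's answer to a legacy-security-only request."""
    if len(reply) < 11 or reply[0] != 3 or (reply[5] & 0xF0) != 0xD0:
        return "not-rdp"            # no TPKT / X.224 Connection Confirm
    if len(reply) < 19:
        return "nla-not-enforced"   # confirm without a negotiation block
    kind, _flags, _length, value = struct.unpack_from("<BBHI", reply, 11)
    if kind == TYPE_RDP_NEG_FAILURE and value == HYBRID_REQUIRED_BY_SERVER:
        return "nla-enforced"       # server refuses anything but CredSSP
    if kind == TYPE_RDP_NEG_RSP and value == PROTOCOL_RDP:
        return "nla-not-enforced"   # server accepted legacy security
    return "inconclusive"           # other refusal, e.g. TLS required


def probe(host, port=3389, timeout=5.0):
    """Send one negotiation request and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request())
        return classify(s.recv(1024))


if __name__ == "__main__":
    print(classify(SAMPLE_NLA), classify(SAMPLE_LEGACY))
```

The result only reports whether the NLA workaround is in force; it says nothing about whether the MS12-020 patch itself is installed.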
Lots of companies do that. If you think Microsoft is bad for that kinda stuff, check out the antivirus companies.
@notomx you should be able to find it on Google. Not sure if I should link to it.