Microsoft recently released a Security Patch for a Remote vulnerability in the Remote Desktop Protocol. The vulnerability allows for remote code execution by an attacker without requiring authentication and thus has all the ingredients for a class worm virus. On March 15th, 2012 a proof of concept exploiting this vulnerability has already been released by securitylab.ru. We urge you to apply the patch the vulnerability as soon as possible.
On the following page you can find more information regarding this Remote Vulnerability and instructions on how to patch this security issue.
Through Windows Update you are also able to patch this Security risk.
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows XP
- Windows Vista
- Windows 7
We strongly recommended to change passwords of all your Remote Desktop Accounts after applying the Security Update. Additionally if you are connected behind a firewall we advise you to restrict connections to your RDP port and/or set RDP to accept connections on a different port than 3389.
If you have any questions please contact us at email@example.com.
ProHosterz Security Team
Friday, March 16, 2012