Microsoft RDP Vulnerability Wormable (MS12-036)

Yesterday Microsoft released their June 2012 security bulletin with a total of 7 advisories. Three of these are rated as critical and one in particular appears to be the type of vulnerability that could be exploited with a worm. MS12-036 addresses a vulnerability in the Remote Desktop Protocol (RDP) and does not require any intervention on the part of a user for exploitation. Moreover, the vulnerability can be used to execute remote code or cause a denial service attack. Any computer with RDP enabled is vulnerable including terminal servers. While RDP is not enabled by default on Windows systems, many organizations use it for remotely accessing their systems.

Remediation steps include blocking inbound traffic on port 3389 from untrusted networks, disabling terminal services and remote desktop if it is not required for a particular system, and of course, applying the patch from Microsoft. Hopefully, this vulnerability will not turn into another Code Red type worm that was so devastating back in 2001. Don’t take any chances. Address this vulnerability now.

Leave a Reply

Your email address will not be published. Required fields are marked *