Responding to the MS12-020 security vulnerability

On 13th March 2012, Microsoft released a security patch for the critical MS12-020 vulnerability relating to the remote desktop protocol (RDP). RDP allows users and administrators to remotely access their Windows servers or desktops over the network, and it is quite common to see organisations opening connections to this protocol on their firewall. The identified vulnerability allowed attackers to execute arbitrary commands on systems running vulnerable RDP services over the network, which could lead to denial of service attacks or, worse, to loss of sensitive data stored on the system. This issue affects almost all Microsoft operating systems.

The vulnerability (MS12-020, CVE-2012-0002) was discovered by an Italian researcher in May 2011, and it has taken Microsoft nearly a year to release the patch. While security researchers are still working to put together an exploit to demonstrate this vulnerability, there are rumours that a working exploit is already known in the wild but not publicly accessible. This is the sort of vulnerability which is typically used by a worm to propagate from one system to another, and researchers believe that we may soon be seeing a worm exploiting this issue.

In order to protect themselves from the MS12-020 critical security vulnerability, organisations are advised to apply the Microsoft patch and take further action to ensure both the immediate and longer term security of their IT infrastructure.

Recommended actions:

Based on the advice from Microsoft and our own IT and network security expertise, we recommend that organisations:

  • install security patches from Microsoft as soon as possible – go to: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

  • block all traffic to the RDP port (3389 by default) for systems that cannot be patched

  • restrict RDP access to authorised personnel only, and do so via IP address

  • conduct a network penetration test to ascertain whether your infrastructure is secured from any external or internal attackers.

    Our team of security experts stays abreast of all the latest vulnerability disclosures and exploits released on a day-to-day basis. After testing the exploits, these are incorporated into our proven penetration testing capability.
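
The recommendations above to block port 3389 and to restrict RDP access by IP address can be checked against an exported firewall rule set. The following is an added example, not code from this page or from Microsoft. The whitespace-separated rule format, the sample rules and the list of authorised admin networks are constructed for illustration, and each rule is judged on its own without modelling rule order.

```python
import ipaddress

RDP_PORT = 3389  # default RDP port named in the advisory
# Assumption: networks from which RDP is authorised (constructed values)
ALLOWED_SOURCES = ["203.0.113.10/32", "10.20.0.0/24"]
# Constructed rule export, hypothetical format: action protocol source ports
SAMPLE_RULES = """\
allow tcp 203.0.113.10/32 3389
allow tcp 0.0.0.0/0 443
allow tcp 0.0.0.0/0 3389
allow tcp 198.51.100.0/24 3000-4000
deny tcp 0.0.0.0/0 3389
allow tcp 203.0.113.0/24 22,3389
allow tcp 10.20.0.5/32 any
"""

def port_spec_covers(spec, port):
    """True if a spec such as '3389', '22,3389', '3000-4000' or 'any' includes port."""
    for part in spec.split(","):
        part = part.strip().lower()
        if part in ("any", "*"):
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_rdp_exposure(rules_text, allowed_sources):
    """Return (line, source, ports) for allow rules exposing RDP to unauthorised sources."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # ignore comments and blank lines
        if not line:
            continue
        action, proto, source, ports = line.split()
        # Only TCP allow rules are checked here (assumption of this example)
        if action.lower() != "allow" or proto.lower() not in ("tcp", "any"):
            continue
        if not port_spec_covers(ports, RDP_PORT):
            continue
        src = ipaddress.ip_network(source, strict=False)
        # The rule is acceptable only if its whole source range sits inside an allowed network
        if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
            findings.append((lineno, source, ports))
    return findings

if __name__ == "__main__":
    for lineno, source, ports in audit_rdp_exposure(SAMPLE_RULES, ALLOWED_SOURCES):
        print(f"rule {lineno}: RDP reachable from {source} (ports {ports})")
```

Rules that reach 3389 through a port range or a source network wider than the authorised one are flagged as well as the obvious any-to-3389 rule.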

     

To find out more about securing your IT infrastructure and conducting penetration tests, please contact us now.

*****

References:

1. Microsoft Security TechCenter - http://technet.microsoft.com/en-us/security/bulletin/ms12-020
2. Microsoft’s response - http://blogs.technet.com/b/msrc/archive/2012/03/16/proof-of-concept-code-available-for-ms12-020.aspx  
3. Zero Day Initiative - http://www.zerodayinitiative.com/advisories/ZDI-12-044/
4. CVE - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002
5. Luigi Auriemma’s Blog - http://aluigi.org/adv/ms12-020_leak.txt and http://aluigi.org/adv/termdd_1-adv.txt
6. Remote Desktop Protocol - http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
