RESET Forums (homeservershow.com)

WARNING: MAJOR FLAW IN RDP


ikon

According to the MS article, there is currently only a 'workaround' to 'reduce' vulnerability; the real fix is to come.

It actually was fixed. KB2621440 is the fix, and it was installed on Updates Tuesday (among several others). This one applies to XP, Vista, 2003, 2008, 2008 R2 and WHS v1 and 2011. KB2667402 was also released, although it applies to a smaller set of systems. MS12-020 and CVE-2012-0002 talk about them.

 

So if you receive updates automatically via Windows Update, check your Update History and at a minimum you should see KB2621440 in there. I believe KB2667402 only applies to Windows 7 and later.
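
The Update History check described in the post above can also be scripted. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later on the machine being checked and uses the KB numbers exactly as the poster gave them.

```powershell
# Added example: report whether Remote Desktop is enabled and whether the
# updates named in the thread are recorded as installed on this machine.
$kbs = 'KB2621440', 'KB2667402'   # KB numbers as given in the post above

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpEnabled = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 0)

# Get-HotFix writes an error when an id is not found; suppress it and
# compare the returned records against the list instead.
$installed = @(Get-HotFix -Id $kbs -ErrorAction SilentlyContinue)

foreach ($kb in $kbs) {
    $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $rdpEnabled
        HotFix      = $kb
        Installed   = [bool]$hit
        InstalledOn = $(if ($hit) { $hit.InstalledOn } else { $null })
    }
}
```

A KB that is not listed is not proof the machine is unpatched: Get-HotFix only shows updates recorded individually, so a later update that superseded it may be what is installed.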


It actually was fixed. KB2621440 is the fix, and it was installed on Updates Tuesday (among several others). This one applies to XP, Vista, 2003, 2008, 2008 R2 and WHS v1 and 2011. KB2667402 was also released, although it applies to a smaller set of systems. MS12-020 and CVE-2012-0002 talk about them.

 

So if you receive updates automatically via Windows Update, check your Update History and at a minimum you should see KB2621440 in there. I believe KB2667402 only applies to Windows 7 and later.

 

Good. I did apply some updates a day or 2 ago to both of my systems that have RDP enabled. I wasn't aware that KB2621440 is an actual fix; it sorta sounded like it was still the workaround. Thanks for the update.


Good. I did apply some updates a day or 2 ago to both of my systems that have RDP enabled. I wasn't aware that KB2621440 is an actual fix; it sorta sounded like it was still the workaround. Thanks for the update.

Our company shoved that one down on us pretty quick. Normally they don't do that with patches right away. The internal software organization likes to vet MS patches before deploying them, so we usually don't get them until at least several weeks later, sometimes a month or two. But emails flew and they slammed this one down on everyone who didn't get it from Windows Update.

 

I'm sure if it's just a workaround, MS will release the real deal as an out-of-band patch, but in reading the description it sounded more like a fix than a workaround.


Our company shoved that one down on us pretty quick. Normally they don't do that with patches right away. The internal software organization likes to vet MS patches before deploying them, so we usually don't get them until at least several weeks later, sometimes a month or two. But emails flew and they slammed this one down on everyone who didn't get it from Windows Update.

 

So does your organisation have RDP enabled on all your desktops? If so, it's a bit unusual.

 

Also, I think that most organisations vet MS patches before deploying them to their population of desktops. From what I've seen, it's SOP almost everywhere.

 

I'm sure if it's just a workaround, MS will release the real deal as an out-of-band patch, but in reading the description it sounded more like a fix than a workaround.

 

I suspect you're right and it is a fix. I checked both of my systems and they do have it. Whew! :)
