Knowledgebase
Microsoft Security Bulletin – Remote Desktop Vulnerabilities Could Allow Remote Code Execution
Posted by on 21 March 2012 01:37 PM

Microsoft have released a Security Bulletin (MS12-020) outlining some vulnerabilities in Microsoft’s RDP protocol implementation.

These vulnerabilities are important to take into consideration when using 2X ApplicationServer XG since connectivity can be established using the Microsoft RDP Protocol.

The security bulletin encourages Network Administrators to apply the update, as well as reconsidering and hardening the environment to avoid any vulnerability until the update is implemented.

The security update addresses two issues identified by Microsoft; the worst case scenario being the ability to execute remote code if an attacker sends a sequence of specially crafted RDP packets to an affected system.

Microsoft posted a closer look at this update available here which covers how to harden your environment by enabling Network Level Authentication.  There is also a Fixit Utility which can be deployed so that NLA is enabled on client machines.

Useful links:

1. Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

2. Closer look: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

3. How to configure NLA: http://technet.microsoft.com/en-us/library/cc732713.aspx

 

 


 

  • Please make sure that you are running the latest build. To find out what the latest version/build is, kindly visit the following link: http://www.2x.com/downloads/
  • Please note that in order to upgrade, you must have purchased the upgrade insurance, as licenses need to be upgraded in order to work on a later build.
  • To find out what is the version you currently have installed on your ThinClientServer, please open the console and check the currently installed version from the top right of your screen.
  • To find out what is the currently installed version of your 2X Application, please open the console and navigate to help>about.
  • Please kindly note that the issues and resolution presented on this article may be obsolete or no longer helpful with the latest version of your 2X Application. Should you require further assistance, please submit a ticket with Technical Support from the following link: http://2x.helpserve.com/index.php?_m=tickets&_a=submit
  • Please be aware that links related to 3rd parties like Microsoft, may sometimes be replaced or moved by the 3rd party itself.

 

(1 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: