[Microsoft]Proof-of-Concept Code available for MS12-020

Discussion in 'other security issues & news' started by ronjor, Mar 16, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,230
    Location:
    Texas
    https://blogs.technet.com/b/msrc/ar...e-available-for-ms12-020.aspx?Redirected=true
     
  2. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Thumbs for this, Ron :thumb:

    More on the POC (Proof of Concept), Microsoft offers bounty for RDP exploit.
     
    Last edited: Mar 16, 2012
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    https://threatpost.com/en_us/blogs/...stery-deepens-microsoft-remains-silent-031612
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    This was patched on Tuesday. The Fix-It is for server admins who don't want to deploy a patch without properly testing it.

    If you want to read about the leak, go to the source:
    http://aluigi.org/adv/ms12-020_leak.txt
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Despite the he-said-she-said :ouch: The threat is real.

     

    Attached Files:

    • RDP.jpg
      RDP.jpg
      File size:
      68.5 KB
      Views:
      36
    Last edited: Mar 17, 2012
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    A comment in a recent ISC Diary sums it up nicely:

    Why We Rated the MS12-020 Issue with RDP "Patch Now"
    http://isc.sans.edu/diary.html?storyid=12781
    On the other hand, as another commenter points out, it's a no-threat if the organization has proper perimeter security in place. (My translation: a System Administrator who is doing her/his job)

    Of course, with a Patch now released, the above should be moot.

    On the other hand #2: Remember Conficker -- that worm appeared on the scene 11 days after the patch for MS08-067 was released, and didn't peak until a few months later.

    (Translation offered free of charge: patches don't work unless they are installed.)

    ----
    rich
     
  8. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    A friend has setup my computer (it is windows 7 pro version). All is in grey?
    Does this mean everything is disabled and not vulnarable to the exploit?
     

    Attached Files:

  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,230
    Location:
    Texas
    https://www.networkworld.com/news/2...mes-security-info-sharing-program-257397.html
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,230
    Location:
    Texas
    If you keep your computer updated with Windows Update, you should be okay.
     
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,549
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,230
    Location:
    Texas
    You're okay if you keep you Windows Updates current.
     
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,549
    Thanks Ron.

    We're all set here then at work.

    Cheers! :cool:
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://dankaminsky.com/2012/03/18/rdp/
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I agree with Dan 100%. Victim blaming is probably the most common trend in IT. "Well they clicked the link so they deserve it blah blah blah they didn't update the patch so they deserve it." It's ridiculous.
     
  16. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  17. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    https://www.f-secure.com/weblog/archives/00002338.html
     
  18. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.