Vulnerabilities in Remote Desktop Could Allow Remote Code Execution

Visit the front pageVisit your profilePublish a blog post

Vulnerabilities in the Remote Desktop Protocol could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.

Microsoft published Tuesday, March 13, 2012 on Security Bulletin MS12-020 that The security update addresses the vulnerabilities by modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets.

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. An attacker who successfully exploited this vulnerability could run abitrary code on the target system. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights.

TCP port 3389 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability.

 

Published by:

siavash's picture

Name
siavash

Country
NL