Thursday, March 22, 2012

High-risk vulnerability disclosed in Windows Server

A high-risk remote code execution vulnerability, MS12-020, has been disclosed in Windows Server. Microsoft rates the vulnerability at its highest severity level, Critical: an attacker can send a particular packet to the Remote Desktop port (port 3389) to gain administrator privileges.

Vulnerabilities of the same level have caused tremendous damage and loss in the past. In 2004, the MS04-011 vulnerability let an attacker remotely send a particular packet to port 445, gain execute permissions and spread a virus. The Sasser virus, which relied on this vulnerability to spread, paralysed a large number of computers worldwide. In 2002, a Windows RPC vulnerability let an attacker remotely control a server through port 135. The "Shock Wave" virus, which relied on this vulnerability to propagate, caused large numbers of computers around the world to shut down automatically.

The Windows RDP service vulnerability allows an attacker to take control of a user's server or cause a blue screen. Once widely exploited, it will not only affect the applications normally running on the server but also turn the server into a tool under hackers' control, causing greater harm to the entire Internet.

Microsoft said that most customers have automatic updates enabled and do not have to take any action. But many Windows servers do not have "Automatic Updates" turned on during operation, and Security Po recommends that server administrators immediately download and install the official patch to avoid losses from the vulnerability. At the same time, server administrators can check whether their servers are at risk from this vulnerability.

Security Po pointed out that the vulnerable file is rdpwd.sys and the vulnerable function is HandleAttachUserReq(). If an attacker sends a series of specially crafted RDP (Remote Desktop Protocol) packets to an affected system, this vulnerability could allow remote code execution.
