Update: Serious Vulnerability in Microsoft Remote Desktop

Please take note of the following urgent security message. Where possible, please help to make affected users aware of this change and support them in using the VPN service.

Last week, Microsoft announced a very serious vulnerability with the Microsoft Remote Desktop Protocol (MS RDP), a protocol that provides remote display and input capabilities over network connections for Windows-based applications running on a server. Though Microsoft has also issued a patch for the primary vulnerability, the severity of the potential impact related to unpatched systems at Penn State is significant. As a result, Penn State will begin blocking incoming port 3389 on Wednesday, March 21, 2012.

MS RDP uses port 3389 by default. This port is open at the University and is continually scanned by attackers. Normally, attackers are attempting to guess a valid username and password on the machine. The vulnerability is of particular concern because a working exploit could turn into a self-spreading worm that infects all unprotected Windows systems running Remote Desktop.

Users can still use MS RDP after the block, but they will need to use Penn State's Virtual Private Network (VPN) in order to do so. See: http://kb.its.psu.edu/node/891

Additional information about this vulnerability is found in the ITS Alert at: http://alerts.its.psu.edu/alert-2262/

Inquiries and requests for assistance regarding this vulnerability should be directed to security@psu.edu.

More information: Update: Serious Vulnerability in Microsoft Remote Desktop

Story added 20 March 2012; the content source with the full text can be found at the link above.