Microsoft recently released a Security Patch for a Remote vulnerability in the Remote Desktop Protocol. The vulnerability allows attacker to remotely code execution without authentication and thus has all the ingredients for a class worm virus. On March 15th, 2012 a proof of concept exploiting this vulnerability has been released. We urge you to apply the patch for the vulnerability as soon as possible.
On the following page you can find more information regarding this Remote Vulnerability and instructions on how to patch this security issue.
Through Windows Update you are also able to patch this Security risk.
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows XP
- Windows Vista
- Windows 7
We strongly recommended to change passwords to all your Remote Desktop Accounts after applying the Security Update. Additionally, if you are connected behind a firewall we advise you to restrict connections to your RDP port and/or set RDP to accept connections on any port other than 3389.