Sophos Cloud Optix
Listen up, this one is serious.
There is a critical vulnerability in many versions of Windows, which could be exploited to spread a worm automatically between vulnerable computers.
Microsoft has issued a patch, urging owners of vulnerable PCs to fix their computers as a matter of urgency.
The vulnerability lies in a part of Windows called the Remote Desktop Protocol (RDP) and could allow malicious hackers to run code – without the users’ permission. That’s obviously much more serious than a vulnerability which relies upon a user to click on an attachment, or be tricked into running a piece of code.
The security hole affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8.
The nature of the vulnerability, and the fact that it impacts such a wide range of Windows computers, makes it very attractive to attackers.
In a blog post, Microsoft predicted that an exploit would be created for the vulnerability within 30 days:
"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."
If Microsoft is prepared to say something like that, you really should sit up and pay attention.
The good news is that by default, RDP is not enabled on Windows, and if RDP is disabled you’re not at risk. The bad news is that RDP has been frequently enabled by IT teams inside enterprises.
Microsoft is strongly encouraging Windows users to apply the MS12-020 security patch, but if your company cannot roll it out in a timely fashion has published information about other methods of reducing the chances of a threat impacting your organisation.
Image of worm courtesy of Shutterstock.
Nowhere on my Windows 7 64 bit system is there a window like above. I cannot find any setting to remove permission for removing rights to Remote Access. I can find Remote Assistance – and if this IS the same thing – it was enabled by default on my system. But somehow "access" and "assistance" don't seem the same. One would imply Windows could help me (tech), while the other is accessing my computer by an outsider? Such as myself when at work accessing my home computer? How does Windows 7 allow such access – and where did they hide it at?
O Win7 The window can be found in control panel, system and security, then under the system heading and remote access.
its in system properties click on remote setting un check the allow remote assistance check box and then apply
Right click on the "my computer" icon on your desktop, then properties, and remote settings.
I cannot find system properties on xp:(
Similar for XP to other instructions:
Right click My Computer icon on desktop, click Properties. This brings up the System Properties window.
If you don’t have that icon on desktop, same can be found by Start+E to open Windows Explorer, then you can right-click the My Computer icon in the left folder pane, and click Properties.
For Windows 7, find Control Panel, choose System and Settings, and under System you should see a link about Allow Remote Access. Clicking that link takes me to the screen shown
Remote Desktop is not available for Home Premium and lower. As you said, only Remote Assistance is available.
Hi – FYI in most versions of windows (if not all) the quickest way into system properties is the keyboard shortcut "Windows Key + Pause/Break"
In Windows 7 64 bits, in the control panel look at System and Security, then System, then option Remote settings to the left and you'll find the option to activate or deactivate The Remote Assistance thing. Thank God I checked cause mine was on even though I never did it so my guess is that many people also have it enabled without knowing.
Theres nothing on the microsoft website so I don't know where this warning has been issued…………. a con maybe?
Yes it's a big con. Please don't do anything to patch this vulnerability.
If you change your mind however, you can find all the information here: http://technet.microsoft.com/en-us/security/bulle…
Are you saying we should set our systems box up to copy the box above?
If you look closely, those are the default settings. You can get to this screen through the Control Panel. To get to the screenshot shown above do the following: Start—>Control Panel. Double click on System, then click on the Remote tab. Uncheck the box and click on “Don’t Allow Connections To This Computer” then click on OK. By doing this, you’ll be protected.
I just find mine by going to Control Panel > System and then on the upper left I select "Remote Settings".
Hope that helps!
Or if you use the category view, System and Security > System
easier than that is to go to your side bar,go to services, scroll down and find the remote procedures, you can take it from there.
This is very true, someone accessed my laptop the other day. I heard them say something like oh shoot. smh….
There's already an exploit out (took a few hours, not 30 days) which binds cmd.exe to port 4444 on the remote box. This has worm written all over it.
Either
1. Turn off Remote Desktop completely
2. Apply the patch that's listed in this article (find your Windows version): http://technet.microsoft.com/en-us/security/bulle…
3. Turn on Network Level Authentication as shown above..
Looking at the screenshots, those are the default settings. Under all versions of Windows, Remote Assistance is on by default. Simply unchecking the box and selecting “Don’t Allow Connections To this computer” will protect you. Remote Desktop is off by default, and should be left off, unless needed. Nonetheless, this vulnerability should be taken seriously. I urge all users of Windows to pay attention to this.
upon doing this, would it effect my connections with my online college classes?
People People… its pretty easy. Click on the link that is titled MS 12-020 020 and then select your OS. From there just follow the links. If you need more help… let me know.
what with the string of letters and numbers under computer info? i have windows 7, service pack 11, and a 64-bit system..
what's with the string of letters and numbers under the operating system? such as (KB2667402)?
People…………… click on the link MS 12-020. Then select your OS. It takes but a minute or two to process the update.
People… go to the link MS 12-020 and click on your OS.
The remote desktop options remote desktop is only included in the Professional, Business, or Ultimate versions of Windows. Home editions do not have remote desktop.
http://www.howtogeek.com/howto/windows-vista/turn…
They only have Remote Assistance, which is enabled by default, as seen in the following page
http://en.kioskea.net/faq/14521-windows-7-disable…
Wanted to add that Home Premium users will only see the first box (and NOT the remote desktop),
so, wait, is this going to affect general users (like home computers) or more like organizations?
Microsoft has issued a patch, urging owners of vulnerable PCs to fix their computers as a matter of urgency.
should i be worried about my personal computer and download the patch??
Just run Windows Update and install everything and you’ll be fine.
yes if you are running XP, Vista or Win7/8
I'm pretty sure if you installed all the updates that came out this Tuesday, March 13, 2012, you are all set (since the patch for this vulnerability came with other patches this Tuesday).
upgrade to CentOS, Redhat or Ubuntu.
In Windows XP, also go to Control Panel>Windows Firewall>Exceptions. Make sure
that Remote Assistance and Remote Desktop are unchecked in your firewall!
Are you at risk if you are behind a router? As fast as I know, to get RDP working through a router, you have to manually open a port.
In Windows XP, there is RDP. Go to Start>Programs>Accessories>Remote Desktop
Connection. The RDP window opens where you can disable settings.
In the Programs tab, the box to start a program should be unchecked with no data in
the field.
In the Advanced tab, under Server authentication, change the verification policy using
the triangle to "Do not connect."
Under "Connect from anywhere" click on Settings, the TS Gateway window opens.
Under "Connection settings" change the TS Gateway to "Do not use a TS Gateway
server" to close this port and decrease the attack surface. Click on OK when done,
and restart your computer.
Backdoor: Isass.exe hit my laptop already I cannot boot up, I do not have a start button. reading is Access denied. How can I boot my laptop up or how can I get my start button back? Please Help!!
Take it to a certified tech. if you dont know how to repair a pc then don't, you will probably mess up the pc worse try to do it yourself. I repair pc's and don't know how many times people come in only after they totally screwed the pc up.
Microsoft has offered an automated "Fix-It" solution to the related Desktop Protocol
Session Vulnerability I commented about earlier, giving you the settings in Windows
XP. These also work for Windows Vista.
http://blogs.technet.com/b/srd/archive/2012/03/13…
Links for the Microsoft "Fix-It" solutions can be found on this page above, together
with more information about the processes, vulnerabilities and threat mitigation.
Use a Mac instead! Why torture yourselves with Microsoft Windows junk?!
From what I just read MAC users aren't as secure as they blindly believed they were and there is a major issue out right now that is showing mac users that they got a bit too comfy and confident…….
You can easily reach the window, mentioned in this article, two ways. You can enter sysdm.cpl in the Run [programs] window from of the Start button on the Windows toolbar. Or, if you have a "My Computer" icon on your Windows desktop; right-click on the icon, scroll down to "Properties" then click on the "Remote" tab.