Security Warning: Microsoft Windows Vulnerability

Discussion in 'Web Hosting' started by mointernet, Mar 15, 2012.

  1. mointernet

    mointernet Regular Member

    Apr 21, 2008
    Likes Received:
    just a headup for those whose Windows VPS running on Windows Server 2003 or 2008.

    Date: 3/15/2012
    Time: 12:00PM EST
    Location: ALL
    Services Affected: Windows Servers

    A vulnerability has recently been disclosed by Microsoft that involves
    all currently supported versions of Windows Server 2003 and Windows
    Server 2008. This vulnerability affects the Remote Desktop service and
    may allow an attacker to gain control over or crash an affected server.

    Operating systems other than Windows, such as Linux or FreeBSD, are not
    affected by this vulnerability.

    The problem is disclosed in the following bulletin:

    It is recommended that any affected customers immediately run Windows
    Update and reboot the server when it is directed. If any other critical
    updates are awaiting installation within Windows Update, it is
    recommended that they be installed as well to close other
    vulnerabilities that may exist in the Windows operating system.

    To update your system on Windows Server 2008:

    - Click on Start > Server Manager
    - Under the Security Information heading, click "Configure Updates"
    - From the left side, click "Check for Updates"
    - Once this step completes, click on "Install updates"
    - After the installation is finished, you will be prompted to restart
    the server. To apply the updates completely, this should be done as
    soon as possible.

    For Windows Server 2003, see:

    Microsoft recommends enabling automatic updates to ensure your system is
    patched regularly without requiring manual intervention. Please note
    that during an automatic update, your system will be rebooted if
    necessary, which will cause your services to be interrupted until the
    system finishes rebooting.

    To enable Automatic Updates on Windows Server 2008:

    - Click on Start > Server Manager
    - Under the Security Information heading, click "Configure Updates"
    - From the left side, click "Change settings"
    - Select "Install updates automatically (recommended)" from the
    Important Updates list box.
    - Select a schedule for "Install new updates" that is most appropriate
    for your server usage.
    - Click "OK"

    For Windows Server 2003, see:
  2. ddvv84

    ddvv84 Regular Member

    Mar 2, 2011
    Likes Received:
    Junior Network Admin P/T, Live Forex Trader
    BROOKLYN, New York
    If this is a complete remote injection exploit(as in nothing has to be enabled or a active session already established) their is going to be a LOT of problems.
    If their is a 0day already out for it(and im sure there has to be since MS found it, mean's someone's has already been running it and scanning.), all you would have to do is basically find some win2k8 ranges and just mass exploit that range and you'd have massive amounts of servers including their db's...
    Last edited: Mar 15, 2012
  3. obosor

    obosor Jr. VIP Jr. VIP

    Mar 15, 2012
    Likes Received:
    Home Page:
    Got email from Datacenter few hours ago. Although we are using linux on our boxes.