Home page logo

bugtraq logo Bugtraq mailing list archives

RE: Regarding MS12-020
From: Jim Harrison <Jim () isatools org>
Date: Tue, 20 Mar 2012 20:28:18 +0000

Gee, Tim - someone might think you had an axe to grind <ducks swinging keyboard>...
I know; Thor has a hammer, but it still works (barely).

One thing worth mentioning is that there is no mitigation for those who are still stuck using WS03, since NLA doesn't 
exist prior to Vista.
Those deployments are also great examples of what happens when layer-8 is the primary motivating factor in the security 
choices you make.


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com] 
Sent: Tuesday, March 20, 2012 8:12 AM
To: 'bugtraq () securityfocus com'
Subject: Regarding MS12-020

PoC code for MS12-020 (RDP) is obviously floating about, and many are still worried about worm activity from this.

One of my criticisms about this industry is that rarely is mitigation information shared or discussed; people seem to 
concentrate on breaking and not preventing exploitation.  I wanted to point out that anyone who followed the processes 
or techniques in my RDP chapter of Thor's Microsoft Security Bible (or used the tool I wrote for RDP access) would have 
been automatically protected from this vulnerability.  That is not a point of ego, just a point of fact. 

If you are concerned with RDP security, as you should be, you can read most (if not all) of Chapter 7 for *free* using 
the Amazon "preview a page" feature.  If the RDP vulnerabilities have caused you any level of concern, then I suggest 
you do.  Like I said on the FD list, I'm far more concerned with making sure people get the information they need (for 
free of course) than I am trying to earn a buck - anyone who knows me knows I've always freely shared all information 
in an effort to contribute to security.

The first think I will tell you is to always use NLA (network level authentication).  It can be a very powerful way to 
obviate exploitability.  The rest of the information is all right there gratis for your viewing pleasure.  

If you are in a pinch and need help with any of this, I'll try my best to help if you want to ping me offline.   Thanks.

Timothy "Thor"  Mullen

There's no need to think outside the box if you don't think yourself into to start with. 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]