IT Security & Policy
Microsoft Remote Desktop Protocol Exploit

Exploit code for the dangerous vulnerability in Microsoft Remote Desktop Protocol (RDP) has been released in the wild.  Currently, the exploit code remotely causes the target computer to blue screen, but it won't be long before someone figures out how to make it run arbitrary code.  *All* versions of Windows are affected.

 

Microsoft released the patch for this vulnerability, MS12-020, this Tuesday.  Windows machines on the LSU domain with the default Windows Update policy should have already installed the patch automatically and rebooted.  However, please make sure that your critical servers and workstations have this patch installed and have been rebooted.

 

In addition, it is highly recommended that you restrict RDP port 3389/TCP on all Windows machines that you manage so that it is reachable only from specific machines or subnet(s).  This will cut down on the attack surface for this vulnerability as well as for the RDP brute-force attacks that we experience constantly.  On Windows Vista, 7, Server 2008, and Server 2008 R2, Network Level Authentication (NLA) should be enabled for RDP.
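One way to check and apply the port restriction and NLA recommendation above on a single host, as an added example that is not part of the original advisory. The allowed source addresses are constructed placeholders, and the rule group and rule name assume the built-in Remote Desktop firewall rules on an English-language Windows installation.

```powershell
param([switch]$Apply)   # without -Apply the script only reports current state

# Constructed placeholder values: replace with your own management subnet(s)/hosts.
$AllowedSources = '192.0.2.0/24,198.51.100.10'
# Assumption: English-language Windows with the built-in Remote Desktop rules.
$RuleGroup = 'remote desktop'
$RuleName  = 'Remote Desktop (TCP-In)'

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $TsKey
    $rdp = Get-ItemProperty -Path $RdpKey
    # Pull the RemoteIP scope line(s) out of the firewall rule listing.
    $scope = netsh advfirewall firewall show rule name="$RuleName" |
             Select-String -Pattern 'RemoteIP' | ForEach-Object { $_.Line.Trim() }
    New-Object PSObject -Property @{
        RdpEnabled    = ($ts.fDenyTSConnections -eq 0)   # 0 = connections allowed
        Port          = $rdp.PortNumber                  # 3389 unless changed
        NlaRequired   = ($rdp.UserAuthentication -eq 1)  # 1 = NLA enforced
        FirewallScope = ($scope -join '; ')
    }
}

"Before:"; Get-RdpExposure | Format-List

if ($Apply) {
    # Limit the built-in RDP allow rules to the approved sources only.
    netsh advfirewall firewall set rule group="$RuleGroup" new remoteip=$AllowedSources
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed (exit code $LASTEXITCODE); is the prompt elevated?"
    }

    # Require Network Level Authentication (Vista / 7 / Server 2008 / 2008 R2).
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1

    "After:"; Get-RdpExposure | Format-List
}
```

Run it from an elevated prompt. Settings pushed by Group Policy take precedence over these local changes, and RDP clients that do not support NLA will no longer be able to connect once it is required.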

 

For more information, please visit:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

http://www.zdnet.com/blog/security/exploit-code-published-for-rdp-worm-hole-does-microsoft-have-a-leak/10860

http://aluigi.org/adv/ms12-020_leak.txt

http://www.scmagazine.com.au/News/293996,rdp-proof-of-concept-triggers-blue-screen-of-death.aspx

 

 

As always, if you have any questions or concerns, please feel free to contact us (its-security@lsu.edu).