Vulnerabilities Plague Microsoft Windows Servers Remote Desktop Protocol (RDP) Port 3389

Microsoft warns of yet another CRITICAL vulnerability and advises customers to act quickly. Dome9 customers remain protected.

In what’s become a somewhat routine occurrence, Microsoft has issued yet another alert detailing a critical operating system vulnerability affecting it’s customers — CVE-2012–0173. Read the Microsoft security bulletin

Similar to others before it, including the announcement of CVE-2012–0002 (March, 2012) and the Morto worm, CVE-2012–0173 provides attackers with remote access via Remote Desktop Protocol (RDP) across all Microsoft’s Operating Systems on any VPS, Dedicated and Cloud Server where RDP port 3389 is set to open and respond to any inbound request.

For AWS, CVE-2012–0173 is of particular concern, because Amazon employs a more sophisticated policy architecture called EC2 Security Groups, which empower administrators with firewalling at the virtualization layer for groups of instances, not just one. This means that for many AWS customers, their entire group of Windows instances is likely exposed to CVE-2012–0173, and any other yet unknown vulnerability. Read a whitepaper on securing AWS EC2 instances

Securing your Windows cloud servers or AWS EC2 instances

If you’re running Windows Server 2000, 2003, or 2008 in AWS or any other cloud, close RDP port 3389 to all inbound IPs on your firewall or EC2 Security Groups. Then, to enable secure access for only those you authorize, use either our free Dome9 Lite Cloud or the Dome9 Business Cloud to get on-demand access, and enjoy protection available previously only to enterprises running expensive dedicated security appliances.

In just under 5 minutes you can get complete protection against this and any future RDP vulnerabilities utilizing your servers built-in firewall remotely controlled by Dome9. Dome9 automatically open and closes any server port, but only when and for whom you authorize. Try Dome9 for free at https://secure.dome9.com/account/register?code=RDP-hell-help.

With Dome9 you can keep all your service ports closed and, with just the click of a button, open any specified port for any authorized user. Dome9 dynamically maps the IP address of those you authorize, on-the-fly. This means you don’t have to leave ports open for “trusted” IP addresses, which can be spoofed, and your servers aren’t exposed. What’s more, any yet unknown vulnerabilities don’t present a threat since they can’t be exploited by hackers.

Want to learn more about securing your Windows Servers and locking down Remote Desktop Protocol (RDP) port 3389? Get Dome9 now!