High-risk remote code execution vulnerability MS12-020 recently disclosed in Windows Server

Source: Internet
Author: User

Windows Server has recently been hit by a high-risk remote code execution vulnerability, MS12-020. Microsoft has rated the vulnerability at its highest severity level. An attacker can obtain administrator privileges by sending a specific packet to the Remote Desktop port (port number 3389).

Vulnerabilities of the same severity have caused great harm and loss in the past. In 2004, a vulnerability covered by a security bulletin allowed an attacker to remotely send a specific packet to port 445, gain execution privileges, and spread a virus. The shock wave virus, which spread through this vulnerability, paralyzed a large number of computers worldwide. A Windows RPC vulnerability in 2002 allowed an attacker to remotely control a server through port 135. The shock wave virus that relied on this vulnerability caused a large number of computers worldwide to shut down.

This Windows RDP service vulnerability likewise allows attackers to take control of a user's server or cause a blue screen. Once widely exploited, it will not only disrupt the normal operation of servers but also turn them into tools fully controlled by hackers, causing greater harm across the entire Internet.

Microsoft says most customers have Automatic Updates turned on and do not need to take any action. However, many Windows servers run with Automatic Updates turned off, Security Bao said, urging server administrators to download and install the official patch immediately to avoid damage from the vulnerability. Server administrators can also now check whether their servers are at risk from this vulnerability.

Security Bao pointed out that the vulnerable file is Rdpwd.sys and that the cause of the vulnerability lies in the HandleAttachUserReq() function. This vulnerability could allow remote code execution if an attacker sends a series of specially crafted RDP (Remote Desktop Protocol) packets to an affected system.
