Windows Server was recently exploded with high-risk remote code execution vulnerabilities ms12-020

Windows Server has recently been hit by a high-risk remote code execution vulnerability--ms12-020, Microsoft has set the level of vulnerability to the highest-severity (unacknowledged), an attacker can obtain administrator privileges by sending a specific packet to the Remote Desktop port (port number 3389).

The same level of loopholes in history has caused great harm and loss. In 2004, the Bulletin vulnerability could allow an attacker to send a specific packet to the 445 port remotely, gain execution privileges, and spread the virus. The shock wave virus, which is spread by this vulnerability, has paralyzed a large number of computers worldwide. Windows RPC Vulnerability in 2002 caused an attacker to remotely control the server through 135 ports. The shock wave virus that relies on this vulnerability has led to a large number of computer shutdowns worldwide.

This Windows RDP Service vulnerability also allows attackers to control the user server or create a blue screen, once widely used, will not only affect the normal operation of the server, but also make the server is fully controlled by hackers to use the tool, the entire Internet to create greater harm.

Microsoft says most customers turn on Automatic Updates and they don't have to take any action. However, many Windows servers do not turn on the "Automatic Updates" during use, security Bao said, prompt server administrator to download and install the official patch immediately to avoid the damage suffered by the vulnerability. At the same time, the vast number of server administrators can now detect the risk of this vulnerability to the server.

Security treasure pointed out that the vulnerability of the file is Rdpwd.sys, the reason for the vulnerability is the Handleattachuserreq () function. This vulnerability could allow remote code execution if an attacker sends a series of specially crafted RDP (remote Desktop Kyoto) packets to the affected system.