An error occurred:

Check: 2012-A-0039

windows 7 iavm: 2012-A-0039 (in version v1 r32)

Title

Multiple Vulnerabilities in Microsoft Remote Desktop Protocol (Cat I impact)

Discussion

Microsoft has released a security bulletin addressing multiple vulnerabilities in Microsoft Remote Desktop Protocol (RDP). RDP allows remote users to access all of the data and applications on their computers. To exploit these vulnerabilities, an attacker would send a sequence of malicious RDP packets to the affected system. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code or cause the RDP service to stop responding resulting in the compromise of the affected system.At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-020 (2671387). Vulnerable Applications/Systems: Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86*, x64* and Itanium) Windows 7 and Windows 7 SP1 (x86 and x64)[1] Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium)[1] *Server Core installation affected. [1]Update package KB2621440 addresses CVE-2012-0002 and update package KB2667402 addresses CVE-2012-0152. While CVE-2012-0152 has a lower severity rating than KB2621440 on affected versions of Microsoft Windows, the aggregate severity rating is Critical based on CVE-2012-0002. Customers should apply all updates offered for the version of Microsoft Windows installed on their systems. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Rdpwd.sys Windows XP SP3 - 5.1.2600.6187 Windows XP SP2 x64 - 5.2.3790.4952 Windows 2003 SP2 - 5.2.3790.4952 Windows Vista / 2008 - 6.0.6002.18568 or 22774 Windows 7 / 2008 R2 - 6.1.7600.16963 or 21151 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17779 or 21924

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-31885

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check