Exploit Found, Patch Now – MS12-020

Last week (Tuesday, March 13, 2012), Microsoft released a security bulletin detailing a fairly severe vulnerability in its Remote Desktop Protocol, which is present in all versions of it from Windows XP to Windows Server 2008 R2. At the time there was no functional exploit code in the wild, but the potential risk surrounding this vulnerability was marked as “Critical.” The following is a snippet from Microsoft’s own write-up of the security vulnerability:

“This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

The bolded text was added by us. Security vulnerabilities with the potential to allow remote code execution are some of the most severe around. Given the appropriate sequence of packets, an attacker could do anything from creating their own users to simply shutting the server down, without providing so much as a password. With threats like these, secure data is a must!

Microsoft released a patch for this vulnerability the same day as the security bulletin, and if your servers are currently configured to perform automatic updates, you are likely in the clear for this particularly nasty hole.  However, if you are managing your patches yourself and haven’t gotten around to addressing this one, it would be in your best interest to do so as soon as possible.
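
For a self-managed server, the check below reports whether RDP is enabled and whether the update is installed. It is an added example, not part of the original post or of Microsoft's bulletin; the KB ID is a placeholder to replace with the number the MS12-020 bulletin lists for your Windows version.

```powershell
# Added example: local MS12-020 exposure check. Run from an elevated prompt.
# ASSUMPTION: $RequiredKbs holds a placeholder. Replace it with the KB
# number(s) the MS12-020 bulletin lists for this operating system.
$RequiredKbs = @('KB0000000')   # placeholder, not a real update ID

# Read fDenyTSConnections from a registry key; $null if the value is absent.
function Get-DenyValue($Path) {
    $p = Get-ItemProperty -Path $Path -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($p) { $p.fDenyTSConnections } else { $null }
}

# A Group Policy setting, when present, overrides the local setting.
$policy = Get-DenyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$local  = Get-DenyValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny   = if ($null -ne $policy) { $policy } else { $local }

# 0 means connections are allowed; 1 (the default) means RDP is disabled.
$rdpEnabled = ($deny -eq 0)

# Collect installed update IDs once, then compare against the required list.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$missing   = @($RequiredKbs | Where-Object { $installed -notcontains $_ })

if (-not $rdpEnabled) {
    $status = 'RDP disabled: not at risk, patch at the next window'
} elseif ($missing.Count -eq 0) {
    $status = 'RDP enabled, update installed'
} else {
    $status = 'RDP enabled, update MISSING: patch now'
}

# Emit one object per host so results can be piped to Export-Csv.
New-Object PSObject -Property @{
    Computer   = $env:COMPUTERNAME
    RdpEnabled = $rdpEnabled
    MissingKbs = ($missing -join ',')
    Status     = $status
}
```

Get-HotFix matches on the exact update ID, so a host that received the fix through a later superseding update will show as missing and should be confirmed by hand.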

At the time the patch was released, no functional exploit code was available. Since then, however, several IT security professionals have been working to develop a proof-of-concept exploit to take advantage of unpatched systems. The demand for this exploit even grew so great that a $1,500 bounty was offered to the first person or team to provide a functional Metasploit security plugin. The amount of buzz around this vulnerability alone should be enough motivation to apply the patches as soon as possible.

A security vulnerability with such potential for damage doesn’t come out very often, but when it does, it’s a pretty big deal.  For those of you hosting with INetU, contact support to find out if your server has been patched yet, and if it has not, we can schedule a time to do so immediately.  For those of you hosting elsewhere, you too should make an effort to see that your Windows servers are safe from this vulnerability and other security issues.

Obtaining HIPAA Compliance Through a PCI DSS Framework

Compliance is a hot topic in the IT industry, and for good reason. By following the rules and guidelines set forth by these compliance standards, you not only avoid potential fines and penalties but also give your users and clients the peace of mind of knowing that their data is secured. Where PCI compliance is relatively straightforward (12 controls which are easily measurable and testable), HIPAA compliance is a bit less friendly and much more vague.

File vs Block Level Backups

Every IT professional should be familiar with backups, be it a simple file copy for safekeeping or a complex backup system for a multi-server environment. Regardless of which method you employ, it is important to simply have a backup plan in place. There is a myriad of options available for performing system backups, but they can be split into major camps based on the methods they use to perform the backup: file-level and block-level. For those that need to know the difference, this article will help shed some light on the difference between the two.

Top 5 Firefox Plugins for Power Users and Developers

The Firefox web browser is capable of (for lack of a better word) extending its abilities through the use of various plugins, or (as they are known in the Firefox community) extensions. In this article, I’d like to introduce you to my top 5 most useful Firefox extensions:

3 Great Apps for your Security Toolkit

Any admin worth his/her salt has a common set of tools and applications they use on a regular basis for managing whatever environment for which they are responsible. Managing the security of the environment is no exception. While this meager blog post makes no claims to aid you in performing a full scale security analysis or penetration test, there are some basic tools you can use to ensure that the most glaring problems are found and mitigated.

  1. Nmap – This is one of the most popular port scanners found on the Internet, and the reason for this is that it’s, well, a great tool. With configuration options a mile long and a great development community behind it, it really does exactly what it says it will and not much more.
  2. Nessus – Nessus is a network vulnerability scanner that constantly updates a list of plugins and “checks” which it uses to evaluate a server for given vulnerabilities. While they did recently change their licensing model, replaced their free registered plugin feed with a feature-sparse “home” feed, and also changed from open to closed source, Nessus is still one of the premier vulnerability scanning tools available.
