Windows Remote Desktop vulnerability

Posted by Roy Ellis on 16-Mar-2012 09:32

Microsoft has announced a critical remote code execution vulnerability in the Remote Desktop Protocol (RDP) affecting all supported versions of the Windows operating system (CVE-2012-0002). RDP allows users to administer Windows systems in a manner that displays the remote Windows desktop locally. This vulnerability may allow an attacker to gain remote access to Windows-based systems. Microsoft has released an update to address this vulnerability and they “strongly encourage you to make a special priority of applying this particular update.”

Detailed information about the vulnerability, including Microsoft instructions for updating to address this vulnerability, is available here:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

If you have enabled the automatic software updating feature within your running Windows instances, they should download and install the necessary update, which will subsequently address this vulnerability automatically. The Windows instances in Arcade do NOT have automatic software updating enabled by default. Instructions on how to ensure automatic updating is enabled are here:

http://windows.microsoft.com/en-US/windows/help/windows-update

In order to limit the exposure of your instances to this type of vulnerability, we strongly recommend that you restrict inbound TCP port 3389 to only those source IP addresses from which legitimate RDP sessions should originate.  These access restrictions can be applied by configuring your Security Groups in the RightScale console.  Instructions to limit IP access can be found here:

http://support.rightscale.com/12-Guides/Dashboard_Users_Guide/Clouds/AWS_Region/EC2_Security_Groups/Concepts/About_EC2_Security_Groups

You can also delete the inbound TCP port 3389 when not actively managing the Windows machine from within the RightScale console.  You can add the inbound TCP port 3389 again when you need to administer the Windows machine.
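To check that the port 3389 restriction recommended above is actually in place, the following added example (not part of the original post and not RightScale code) audits security group rules for RDP exposure. It assumes the rules have been exported in the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs, addresses and the approved admin network are constructed sample values.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-example3", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}, {"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-example4", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example5", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

def covers_rdp(perm):
    """True if the rule admits TCP 3389: explicitly, by port range, or via 'all traffic'."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def audit_rdp_exposure(groups, allowed_sources):
    """Return (group id, cidr) for each source that reaches 3389 from outside the approved networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_rdp(perm):
                continue
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if not any(src.subnet_of(a) for a in allowed):
                    findings.append((sg["GroupId"], rng["CidrIp"]))
    return findings

if __name__ == "__main__":
    for gid, cidr in audit_rdp_exposure(SAMPLE, ["203.0.113.10/32"]):
        print(f"{gid}: RDP reachable from {cidr}")
```

Rules that open a wide port range or all traffic expose RDP just as an explicit 3389 rule does, which is why the check tests range coverage rather than matching the port number alone.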
