Recent MS RDP vulnerability?
Is the security of the Jump Desktop apps compromised by the recently discovered MS RDP vulnerability?
Microsoft MS12-020 update, which addresses a remote, pre-authentication, network-accessible code execution vulnerability in Microsoft’s implementation of the RDP protocol.
I have instructed clients using JD RDP to stop usage until clarification / confirmation stating security is intact and OK to resume usage.
-
Hi James,
We've gone through the MS12-020 alert and we recommend customers do the following:
1. We strongly recommend applying the MS12-020 patch immediately to all Windows systems. If possible, we recommend setting Windows' auto updater to install future updates automatically. MS12-020 patches the vulnerability in question.
2. Furthermore, we recommend Windows Vista and onwards users should make sure Windows' NLA mode is enabled. NLA mode mitigates the issue somewhat by only allowing authenticated users to initiate a connection to the server. This adds one layer of protection against future exploits as well. Jump has supported Windows' NLA mode for nearly 9 months now. Jump's automatic setup client which installs on the PC has supported selecting NLA mode by default since version 3.0.7, released almost 9 months ago.
To the best of our knowledge the above steps (specifically step #1) should be enough to mitigate the vulnerability.
Please let me know if you need more information.
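Added example (not part of the original thread and not Jump Desktop's code): one way to confirm that a server actually enforces the NLA setting recommended in step 2 is to inspect its reply to an RDP connection request that offers only legacy RDP security. The field layout and constants follow Microsoft's MS-RDPBCGR specification; the function names and the sample packets are constructed for illustration.

```python
import struct

# Constants from the RDP negotiation PDUs in MS-RDPBCGR.
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_RDP = 0x0               # legacy RDP security: no TLS, no NLA (CredSSP)
HYBRID_REQUIRED_BY_SERVER = 0x5  # failure code: the server insists on NLA

# Constructed sample replies: TPKT + X.224 Connection Confirm + negotiation data.
SAMPLES = {
    "nla_on": bytes.fromhex("030000130ed00000123400" "0300080005000000"),
    "nla_off": bytes.fromhex("030000130ed00000123400" "0200080000000000"),
    "legacy": bytes.fromhex("0300000b06d00000123400"),
}


def build_request(requested_protocols=PROTOCOL_RDP):
    """X.224 Connection Request that offers only the given security protocols."""
    neg = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify_response(data):
    """Classify a server's reply to a request that offered PROTOCOL_RDP only."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data) or (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = data[11:]
    if len(neg) < 8:
        return "no-negotiation"  # server predates negotiation, so no NLA support
    kind, _flags, _length, value = struct.unpack("<BBHI", neg[:8])
    if kind == TYPE_RDP_NEG_FAILURE:
        if value == HYBRID_REQUIRED_BY_SERVER:
            return "nla-required"
        return "refused-other"
    if kind == TYPE_RDP_NEG_RSP and value == PROTOCOL_RDP:
        return "nla-not-enforced"  # server accepted a pre-authentication session
    return "unexpected"


if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(name, "->", classify_response(packet))
```

A result of `nla-not-enforced` or `no-negotiation` means the host still accepts unauthenticated RDP sessions and depends entirely on the MS12-020 patch from step 1.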