CloudShare Security Notification: Action Required - Critical Windows Remote Desktop Protocol Security Patch - MS12-020
Your CloudShare Operations team is always doing its best to stay ahead of the curve, monitor and improve performance, and maintain the security of your CloudShare environments/VMs, so you can stay focused and productive.
Last week, Microsoft released a critical Windows security patch which addresses two vulnerabilities in Microsoft’s implementation of Remote Desktop Protocol (RDP). One of the two, CVE-2012-0002, is a critical, remote code execution vulnerability affecting all versions of Windows.
As part of our commitment to provide quality service and the best, most secure CloudShare experience possible, we responded immediately and tested and ensured that our IPS detects, blocks, and alerts us on these attacks; we also tested and patched all of our infrastructure servers, as well as all of our machine templates.
As a second level of security, CloudShare strongly recommends that you patch all of your windows based VMs in your CloudShare immediately , as described here:
- All Windows operating systems require KB2621440
- Some Windows operating systems also require KB2667402
Since CloudShare already takes care of many of your IT concerns, we have automated a script that will patch and reboot your Windows machines when your CloudShare environment is prepared or resumed.
We will activate the script on Saturday 3/24/2012 1:00 am EST.
Note that if the patch is applied manually, CloudShare will take no action and will not reboot your machine.
Please contact your CloudShare support team if you have any concerns.
For more information about the vulnerabilities and patch please refer to:
- Microsoft Security Bulletin MS12-020 – Critical
- CVE-2012-0002: A closer look at MS12-020′s critical issue
- Experts sound worm alarm for critical Windows bug