[aklug] Fwd: additional wormable RDP and Alaskan RDP survey

Royce Williams royce at tycho.org
Fri Aug 16 08:31:43 AKDT 2019


Cross-posting to AKLUG.
-- 
Royce


---------- Forwarded message ---------
From: Royce Williams <royce at techsolvency.com>
Date: Fri, Aug 16, 2019 at 8:31 AM
Subject: additional wormable RDP and Alaskan RDP survey
To: <nuga at groups.io>


As you've probably seen, additional RDP vulns were patched for Patch
Tuesday. Microsoft holds back the patch if Symantec AV is present in some
circumstances, to avoid a system-impacting issue; Symantec is said to be
working on a fix.

@MalwareTechBlog on Twitter has a reliable way to test for the new vulns
(some calling them "DejaBlue"):

https://twitter.com/MalwareTechBlog/status/1162212127521665026

... but exploitation is easy enough that he's reluctant to release. This
means that this one was easier to figure out, and more people.

My personal recommendation: patch quickly where you can, enable NLA quickly
where you can't, or firewall if NLA isn't feasible, but my understanding is
that enabling NLA should be easy (and is the default on newer OSes?)

On the run, but quickly: all known Alaskan RDP as of last night is here,
with its status:

https://www.techsolvency.com/private/rdp/ak-rdp_2019-08-15.txt

Royce

-- 
Royce Williams
Tech Solvency
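
The NLA recommendation in the message above, as an added example that is not part of the original e-mail: a PowerShell check, run elevated on the Windows host itself, that reports whether RDP is enabled and whether NLA is effectively required, and turns NLA on when called with -Enable. The script layout and the function names Get-RegValue and Get-RdpNlaStatus are illustrative; the registry values it reads are the standard Terminal Services settings.

```powershell
# Added example: report whether this host requires NLA for RDP, optionally enable it.
# Usage (elevated session):  .\Check-RdpNla.ps1          # report only
#                            .\Check-RdpNla.ps1 -Enable  # turn NLA on if it is off
param([switch]$Enable)

$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpNlaStatus {
    # fDenyTSConnections = 0 means RDP connections are allowed (local value only).
    $deny  = Get-RegValue $ts     'fDenyTSConnections'
    # UserAuthentication = 1 means the listener requires NLA.
    $local = Get-RegValue $rdpTcp 'UserAuthentication'
    $gpo   = Get-RegValue $policy 'UserAuthentication'
    # A Group Policy value, when present, overrides the local listener setting.
    $effective = if ($null -ne $gpo) { $gpo } else { $local }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaLocal     = $local
        NlaPolicy    = $gpo
        NlaRequired  = ($effective -eq 1)
        SetBy        = if ($null -ne $gpo) { 'GroupPolicy' } else { 'Local' }
    }
}

$status = Get-RdpNlaStatus
if ($Enable -and $status.RdpEnabled -and -not $status.NlaRequired) {
    if ($status.SetBy -eq 'GroupPolicy') {
        # Editing the listener key would be overridden; the GPO has to change.
        Write-Warning 'NLA is disabled by Group Policy; fix the GPO instead.'
    } else {
        Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
        $status = Get-RdpNlaStatus
    }
}
$status
```

A host that reports RdpEnabled = True and NlaRequired = False, and cannot be patched or switched to NLA, is the case the message says to firewall.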