Gee, Tim - someone might think you had an axe to grind <ducks swinging keyb=
oard>...
I know; Thor has a hammer, but it still works (barely).
One thing worth mentioning is that there is no mitigation for those who are=
still stuck using WS03, since NLA doesn't exist prior to Vista.
Those deployments are also great examples of what happens when layer-8 is t=
he primary motivating factor in the security choices you make.
Jim
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]=20
Sent: Tuesday, March 20, 2012 8:12 AM
To: 'bugtraq@securityfocus.com'
Subject: Regarding MS12-020
PoC code for MS12-020 (RDP) is obviously floating about, and many are still=
worried about worm activity from this.
One of my criticisms about this industry is that rarely is mitigation infor=
mation shared or discussed; people seem to concentrate on breaking and not =
preventing exploitation. I wanted to point out that anyone who followed th=
e processes or techniques in my RDP chapter of Thor's Microsoft Security Bi=
ble (or used the tool I wrote for RDP access) would have been automatically=
protected from this vulnerability. That is not a point of ego, just a poi=
nt of fact.=20
If you are concerned with RDP security, as you should be, you can read most=
(if not all) of Chapter 7 for *free* using the Amazon "preview a page" fea=
ture. If the RDP vulnerabilities have caused you any level of concern, the=
n I suggest you do. Like I said on the FD list, I'm far more concerned wit=
h making sure people get the information they need (for free of course) tha=
n I am trying to earn a buck - anyone who knows me knows I've always freely=
shared all information in an effort to contribute to security.
The first think I will tell you is to always use NLA (network level authent=
ication). It can be a very powerful way to obviate exploitability. The re=
st of the information is all right there gratis for your viewing pleasure. =
=20
If you are in a pinch and need help with any of this, I'll try my best to h=
elp if you want to ping me offline. Thanks.
t
---------------------------
Timothy "Thor" Mullen
www.hammerofgod.com
There's no need to think outside the box if you don't think yourself into t=
o start with.=20
討論串 (同標題文章)