Hello,
On March 13, 2012, Microsoft released its scheduled patch update for March 2012. This month's update included a critical Remote Desktop Protocol (RDP) patch (MS12-020) that can be exploited for remote unauthenticated code-execution. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should not be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution. Public proof-of-concepts that cause denial-of-service conditions have been observed since March 15, 2012 and been verified by Symantec. No proof-of-concepts for remote-code-execution have been observed as of yet. The DeepSight team is monitoring port TCP 3389 for activity that may indicate a worm.
Symantec Customers are advised to install all applicable updates as soon as possible.
Microsoft Security Bulletin Summary for March 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-mar Microsoft: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution http://technet.microsoft.com/en-us/security/bulletin/ms12-020 BID 52353: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution http://www.securityfocus.com/bid/52353
A Recommended Read on this Topic:
Working PoC for MS12-020 Spotted in the Wild
https://www-secure.symantec.com/connect/blogs/working-poc-ms12-020-spotted-wild
and
Check the Attachment to see the Latest Update from Symantec, which tries to answer, questions on "Symantec Protection Overview Against Threats Targeting the MS12-020 Vulnerability".
Hope that helps!!
hi,
Thanks Mithun. vote up