On Tuesday, March 13th 2012, Microsoft released fixes for two reported vulnerabilities in the Remote Desktop Protocol described in the link below:

Microsoft Security Bulletin MS12-020 – Critical

The fixes for these two vulnerabilities can be reviewed here:

http://support.microsoft.com/kb/2667402
http://support.microsoft.com/kb/2621440

Microsoft releases critical security updates every month, but the problem that KB2621440 addresses is critically important. By sending specially crafted RDP packets to the target server, an attacker can gain complete administrative control over the machine in question. This is not only a concern for companies running publicly accessible terminal servers; it is even more critical for all the Windows-based cloud servers that use RDP as the primary method of remote administration. When (and I won’t even say if) attackers develop a worm that exploits this vulnerability, it has the potential to be as bad as or worse than anything we’ve seen in the past few years.

Microsoft does mention that if the server requires Network Level Authentication (NLA) for RDP connections, the attack surface is drastically reduced, because the attacker would need valid login credentials before being able to exploit the vulnerability. While this helps, it probably isn’t the case on most servers, since requiring NLA is not the default configuration for Remote Desktop Services.
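The following PowerShell audit is an added example, not something from the original post or from Microsoft: it checks whether the two KBs from the bulletin are installed and whether the RDP-Tcp listener requires NLA, and offers a function to turn NLA on. It assumes the standard Terminal Server registry values and the Win32_TSGeneralSetting WMI class, which are the locations Windows uses for these settings.

```powershell
# Added example (not from the original post): audit a Windows host for the MS12-020
# fixes and for the Network Level Authentication (NLA) mitigation the bulletin mentions.
# Assumptions: the KB numbers come from the bulletin; the registry values and WMI class
# below are the standard locations for the RDP-Tcp listener's settings.

function Get-Ms12020Status {
    param(
        # KB2621440 fixes the remote code execution issue; KB2667402 the second vulnerability.
        [string[]]$KbIds = @('KB2621440', 'KB2667402')
    )

    # Get-HotFix reads Win32_QuickFixEngineering and writes a non-terminating error for a
    # missing KB, so suppress it and treat "nothing returned" as "not installed". A later
    # update that supersedes the KB may hide it here, so confirm via Windows Update too.
    $missing = foreach ($kb in $KbIds) {
        if (-not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)) { $kb }
    }

    # Listener settings live under RDP-Tcp; UserAuthentication=1 means NLA is required,
    # i.e. the client must authenticate before a session (and the vulnerable parsing) starts.
    $rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # fDenyTSConnections=1 means Remote Desktop is disabled entirely (no listener exposed).
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $denied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        MissingKBs   = @($missing)
        Patched      = (@($missing).Count -eq 0)
        NlaRequired  = ($nla -eq 1)
        RdpEnabled   = ($denied -ne 1)
    }
}

function Set-RdpNlaRequired {
    # Require NLA on the RDP-Tcp listener through the Terminal Services WMI provider
    # (needs an elevated shell). This reduces exposure; it does not replace the patch.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
            -Filter "TerminalName='RDP-Tcp'"
    $ts.SetUserAuthenticationRequired(1) | Out-Null
}

$status = Get-Ms12020Status
$status | Format-List ComputerName, RdpEnabled, Patched, MissingKBs, NlaRequired
if ($status.RdpEnabled -and -not $status.Patched -and -not $status.NlaRequired) {
    Write-Warning 'RDP is reachable, MS12-020 is not installed and NLA is off: patch now, or run Set-RdpNlaRequired as a stopgap.'
}
```

Run it on each Windows host that exposes RDP; a host where RdpEnabled is true and both Patched and NlaRequired are false is the one to deal with first.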

Definitely be proactive about this one, get those servers patched!