Thor (Hammer of God | 20 Mar 16:12 2012

Regarding MS12-020

PoC code for MS12-020 (RDP) is obviously floating about, and many are still worried about worm activity
from this.

One of my criticisms about this industry is that rarely is mitigation information shared or discussed;
people seem to concentrate on breaking and not preventing exploitation.  I wanted to point out that anyone
who followed the processes or techniques in my RDP chapter of Thor's Microsoft Security Bible (or used the
tool I wrote for RDP access) would have been automatically protected from this vulnerability.  That is not
a point of ego, just a point of fact. 

If you are concerned with RDP security, as you should be, you can read most (if not all) of Chapter 7 for *free*
using the Amazon "preview a page" feature.  If the RDP vulnerabilities have caused you any level of
concern, then I suggest you do.  Like I said on the FD list, I'm far more concerned with making sure people get
the information they need (for free of course) than I am trying to earn a buck - anyone who knows me knows I've
always freely shared all information in an effort to contribute to security.

The first think I will tell you is to always use NLA (network level authentication).  It can be a very powerful
way to obviate exploitability.  The rest of the information is all right there gratis for your viewing

If you are in a pinch and need help with any of this, I'll try my best to help if you want to ping me offline.   Thanks.

Timothy "Thor"  Mullen

There's no need to think outside the box if you don't 
think yourself into to start with.

(Continue reading)