If you’re in IT, and you are responsible for some Windows computers, you should have heard of the upcoming critical security issue with Remote Desktop. If not, read about it here or here or any number of articles on other tech sites in the last week.
We have several clients using RDP and Terminal Server in various configurations. Usually, we’ve set them up behind firewalls that block by IP address or custom ports that make them a little less vulnerable. We’ve begun the process of making sure that the Windows Updates are current on these machines, especially those that have Remote Desktop enabled and connected to the Internet on the standard port of 3389.
Today, I ran into a machine that just could not run Windows Updates for some reason, and hadn’t for about 3 months. I tried many potential solutions, in which I won’t go into detail.
This post is not about fixing Windows Updates. This is about installing the critical security patch for WinXP SP3 for the RDP issue before the exploits begin.
The work around in my case was to manually install the patch.
This is Microsoft’s official security bulletin, Microsoft Security Bulletin MS12-020 – Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387). If you read to the bottom, you see links to pages specific to various vulnerable Microsoft OSs. This is the one for Windows XP – Security Update for Windows XP (KB2621440). On that page is a download link to get the patch! Just download and run it.
Sure, the right thing to do is fix Windows Update on this particular computer; however, installing just this patch is far, far better than nothing.