Closing Windows RDP Vulnerability
On Tuesday 13 March 2012 we received an advisory from Microsoft regarding a vulnerability in Remote Desktop Protocol (RDP), alerting us to a bug that allows a remote hacker to execute code on a system without any intervention on the part of the user. As some of our servers are Windows-based, we pounced on this notification and took immediate steps to close the vulnerability. We confirmed the patch provided by Microsoft had no impact on our staging servers, so it was good to go. We scheduled our systems to deploy the patch that very same day, notifying our customers of our intent.
We patched all affected servers on three continents within 24 hours of being alerted to the vulnerability. Some providers, not mentioning any names, took a little longer to respond. I couldn’t believe it when I found out that a provider had scheduled their patch deployment for Saturday... 5 days after the patch was made available by Microsoft.
I can’t speak for other providers, but here at Hornbill we take security very seriously and will respond as rapidly as possible to close vulnerabilities.
We’ll see if we can beat 24 hours next time!! 🙂
For more information on the specific vulnerability, see: