
University takes steps to secure against Windows Remote Desktop critical vulnerability

Friday, March 16, 2012
Sean O'Malley  

To protect against a recently published Microsoft Windows critical vulnerability that could allow hackers to gain full control over Windows systems via Remote Desktop, OIT has begun blocking access to that service from outside the university network.

Remote Desktop is most commonly used by individuals to log into office PCs from home or while traveling. Faculty and staff who wish to use Remote Desktop from off-campus should take the following steps:

  1. Run Windows Update to ensure that all critical patches have been applied to your Windows computers.
  2. Contact the OIT Service Desk at 740-593-1222 or www.ohio.edu/oitech to submit a request for remote desktop access from off-campus.

Even if you do not use Remote Desktop, you still should run Windows Update and make sure it is configured to automatically download and install critical updates.

Additional steps to better secure your computer

Microsoft has released a patch for this vulnerability, so your first step should be to run Windows Update and make sure that all critical updates have been installed.  

After doing that, you should consider following the steps outlined below. These steps will not fix the underlying vulnerability. Only installing the patch will do that. Still, they do provide additional protection. Detailed explanations of each workaround can be found in Microsoft Bulletin MS12-020.

  1. Disable Remote Desktop - If you don't need this service, turn it off.
  2. Limit access to TCP Port 3389 via a firewall - When practical, configure your firewall to only allow incoming RDP requests from trusted locations.
  3. Enable Network Level Authentication on modern Windows systems - If you only use Windows Vista, Windows 7, Server 2008, or Server 2008 R2, then you can require a user to authenticate before they can start a remote desktop session.
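
To see where a PC stands on the three steps above, the following PowerShell sketch reads the relevant settings and reports them without changing anything. It is an added example, not an OIT or Microsoft script. It assumes Windows Vista / Server 2008 or later with the built-in Windows Firewall, and it does not look at Group Policy overrides or third-party firewalls.

```powershell
# Added example: read-only audit of the three MS12-020 workarounds on this PC.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Step 1: fDenyTSConnections = 1 means Remote Desktop is turned off.
$enabled = (Get-ItemProperty -Path $tsKey).fDenyTSConnections -eq 0

$listener = Get-ItemProperty -Path $rdpKey
$port     = $listener.PortNumber      # 3389 unless it has been changed
# Step 3: UserAuthentication = 1 means NLA is required before a session starts.
$nla      = $listener.UserAuthentication -eq 1

# Step 2: find enabled inbound TCP allow rules for the RDP port that accept
# connections from any remote address. Only rules that list the port
# explicitly are matched; port ranges and firewall profiles are not evaluated.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$openRules = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and
    $_.Protocol -eq 6 -and (($_.LocalPorts -split ',') -contains "$port") -and
    $_.RemoteAddresses -eq '*'
})

$findings = @()
if (-not $enabled) {
    $findings += 'OK: Remote Desktop is disabled.'
} else {
    $findings += "Remote Desktop is enabled on TCP port $port. Disable it if it is not needed."
    if ($nla) {
        $findings += 'OK: Network Level Authentication is required.'
    } else {
        $findings += 'Network Level Authentication is NOT required.'
    }
    if ($openRules.Count -eq 0) {
        $findings += 'OK: no firewall rule allows this port from any address.'
    } else {
        foreach ($rule in $openRules) {
            $findings += "Firewall rule '$($rule.Name)' allows port $port from any address."
        }
    }
}
$findings
```

A clean report does not mean the machine is patched; only Windows Update installs the fix.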


Related Links

SANS raises Internet Threat Level to Yellow 
Microsoft Bulletin MS12-020