From the desk of: Sam C. Chan

Advisory:   RDP Vulnerability

March 22, 2012  

This is a technical tips and quick reference page for IT consultants.

rdp vulnerability patches
platform\issue Patch avail NLA host NLA client
2000 Professional n/a n/a no
XP Professional SP3 yes no yes 50588
Vista Business SP2 yes built-in built-in
Windows 7 Professional yes RTM/SP1 built-in built-in
Server 2000 no no no
Server 2003 SP2 yes no no
Server 2003 R2 yes no no
Server 2008 SP2 yes built-in built-in
Server 2008 R2 SP1 yes built-in built-in

Server 2003 can no longer access NLA-enabled RDP hosts

XP RDP host can't require NLA

W7 req 2x patches: 2621440, 2667402

TN Blog

Subtle Patch Ramifications

Enabling NLA will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default. NLA will not disrupt remote desktop connections initiated by Windows Vista and later versions of Windows because they support NLA by default. If you need to initiate a remote desktop protocol connection to an NLA-enabled server from a Windows XP client, you can install support for Credential Security Support Provider (CredSSP) on each connecting Windows XP client. Instructions for doing so can be found here: kb/951608. You can also use this one-click Fix it solution on Windows XP SP3 clients to enable support for NLA: Fix0It 50588

Bravo Security Response Sequence:   Monitor * Research * Assess * Mobilize * Deploy * Post * Notify


Visions * Integrity * Perspectives Solutions, not products. Expertise, not hype. Rationales, not ideologies.

Copyright @2005-2006   Bravo Technology Center  *  Bravo:GO  *  Contact Us