June 15, 2012
Microsoft has announced a vulnerability in the Remote Desktop Protocol (RDP) affecting all supported versions of the Windows operating system (CVE-2012-0173). RDP allows users to administer Windows systems in a manner that displays the remote Windows desktop locally. This vulnerability may allow an attacker to gain remote access to Windows-based systems or deny access to RDP. NOTE: This vulnerability is distinct from the RDP vulnerability announced by Microsoft on March 12, 2012 (CVE-2012-0002).
Detailed information about the vulnerability, including Microsoft instructions for updating to address this vulnerability, is available here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-036
AWS customers running Windows instances who have enabled the automatic software updating feature within Windows will have the necessary update downloaded and installed automatically, which addresses this vulnerability. Instructions on how to confirm that automatic updating is enabled are here:
http://windows.microsoft.com/en-US/windows/help/windows-update
AWS customers running Windows instances, and who have not enabled the automatic software updating feature within Windows, should manually install the necessary update by following the instructions here:
http://windows.microsoft.com/en-US/windows/help/windows-update
Microsoft provides additional guidance about automatic software update configuration options for Windows here:
http://support.microsoft.com/kb/294871
In order to limit the exposure of your instances to this type of vulnerability, AWS strongly recommends that you restrict inbound TCP port 3389 to only those source IP addresses from which legitimate RDP sessions should originate. These access restrictions can be applied by configuring your EC2 Security Groups accordingly. For information and examples on how to properly configure and apply Security Groups, please refer to the following documentation:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/adding-security-group-rules.html?r=8504
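The following is an added example, not part of this bulletin or of any AWS tooling: it audits a Security Group's ingress rules (in the same dictionary shape that `describe-security-groups` returns) for any rule that lets TCP 3389 in from outside an approved list of administrative source ranges, and builds the restricted rule recommended above. The Security Group contents and the CIDR ranges are constructed sample values.

```python
import ipaddress

RDP_PORT = 3389

def rule_covers_rdp(perm):
    """True if one IpPermissions entry admits TCP 3389 (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols/ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def rdp_exposures(security_group, allowed_cidrs):
    """Return the CIDR ranges that can reach RDP but are not inside an approved range."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in security_group.get("IpPermissions", []):
        if not rule_covers_rdp(perm):
            continue
        for rng in perm.get("IpRanges", []):
            cidr = ipaddress.ip_network(rng["CidrIp"])
            ok = any(cidr.subnet_of(net) for net in allowed if net.version == cidr.version)
            if not ok:
                findings.append(rng["CidrIp"])
    return findings

def restricted_rdp_permission(allowed_cidrs):
    """The corrected rule: TCP 3389 only from the approved source ranges."""
    return {"IpProtocol": "tcp", "FromPort": RDP_PORT, "ToPort": RDP_PORT,
            "IpRanges": [{"CidrIp": c, "Description": "admin RDP"} for c in allowed_cidrs]}

# Constructed sample: a group that exposes RDP to the world and to a broad private range.
WIDE_OPEN_SG = {
    "GroupId": "sg-EXAMPLE",  # placeholder, not a real group id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "10.0.0.0/8"}]},
    ],
}
ADMIN_RANGES = ["203.0.113.0/24"]  # constructed: the only network admins should RDP from

if __name__ == "__main__":
    print("exposed to:", rdp_exposures(WIDE_OPEN_SG, ADMIN_RANGES))
    print("replace with:", restricted_rdp_permission(ADMIN_RANGES))
```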
The default AWS-provided EC2 Windows Amazon Machine Images (AMIs) in all EC2 regions incorporate the Microsoft security updates that address this Windows RDP vulnerability. AWS EC2 Windows AMIs can be viewed and launched from here:
https://aws.amazon.com/amis?ami_provider_id=1&platform=Windows