March 13, 2012
Microsoft has announced a critical remote code execution vulnerability in the Remote Desktop Protocol (RDP) affecting all supported versions of the Windows operating system (CVE-2012-0002). RDP allows users to administer Windows systems in a manner that displays the remote Windows desktop locally. This vulnerability may allow an attacker to gain remote access to Windows-based systems. Microsoft has released an update to address this vulnerability and they “strongly encourage you to make a special priority of applying this particular update.”
Detailed information about the vulnerability, including Microsoft instructions for updating to address this vulnerability, is available here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
AWS customers running Windows instances who have enabled the automatic software updating feature within Windows will have the necessary update downloaded and installed automatically, which addresses this vulnerability. Instructions on how to ensure automatic updating is enabled are here:
http://windows.microsoft.com/en-US/windows/help/windows-update
AWS customers running Windows instances, and who have not enabled the automatic software updating feature within Windows, should manually install the necessary update by following the instructions here:
http://windows.microsoft.com/en-US/windows/help/windows-update
Microsoft provides additional guidance about automatic software update configuration options for Windows here:
http://support.microsoft.com/kb/294871
In order to limit the exposure of your instances to this type of vulnerability, AWS strongly recommends that you restrict inbound TCP port 3389 to only those source IP addresses from which legitimate RDP sessions should originate. These access restrictions can be applied by configuring your EC2 Security Groups accordingly. For information and examples on how to properly configure and apply Security Groups, please refer to the following documentation:
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?adding-security-group-rules.html
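The recommendation above is to allow inbound TCP 3389 only from the source ranges that legitimately originate RDP sessions. The following script is an added example, not part of the AWS bulletin or AWS tooling: it audits Security Group rules for RDP exposure. It assumes input in the JSON shape returned by the modern `aws ec2 describe-security-groups` command (the `SecurityGroups[].IpPermissions[]` structure with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges[].CidrIp` and `Ipv6Ranges[].CidrIpv6`), a tool that post-dates this 2012 bulletin; the sample security groups and the trusted range `203.0.113.0/24` are constructed for illustration. Any rule that admits port 3389 (including protocol `-1` "all traffic" rules) from a source not contained in a trusted range is reported, together with the `revoke`/`authorize` CLI commands an operator could review before applying.

```python
import ipaddress
import json

RDP_PORT = 3389

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are made up for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0example1", "GroupName": "rdp-open",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0example2", "GroupName": "rdp-restricted",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
              "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
        {"GroupId": "sg-0example3", "GroupName": "all-ports",
         "IpPermissions": [
             # "-1" means all protocols/ports, so it also admits TCP/3389.
             {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
             # A wide TCP port range that happens to include 3389, open to all of IPv6.
             {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
              "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ]
})

# Constructed example of an organisation's trusted egress range (assumption).
ALLOWED_RDP_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]


def rule_covers_rdp(perm):
    """True if an IpPermissions entry admits TCP/3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # all traffic
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def source_is_trusted(cidr, allowed):
    """True if the rule's source CIDR lies entirely inside one trusted range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def find_exposed_rdp_rules(describe_output_json, allowed=None):
    """Return (group_id, protocol, source_cidr) for every RDP-admitting rule
    whose source is not contained in a trusted range. Sources that reference
    other security groups (UserIdGroupPairs) are not CIDRs and are skipped."""
    allowed = ALLOWED_RDP_SOURCES if allowed is None else allowed
    findings = []
    for sg in json.loads(describe_output_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_rdp(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if not source_is_trusted(cidr, allowed):
                    findings.append((sg["GroupId"], perm["IpProtocol"], cidr))
    return findings


def suggested_fix_commands(findings, trusted_cidr):
    """AWS CLI commands (for review, not executed here) that remove each
    over-broad RDP rule and re-add 3389 from the trusted range only."""
    cmds = []
    for group_id, proto, cidr in findings:
        port_args = "--protocol all" if proto == "-1" else "--protocol tcp --port 3389"
        cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
                    f"{port_args} --cidr {cidr}")
        cmds.append(f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
                    f"--protocol tcp --port 3389 --cidr {trusted_cidr}")
    return cmds


if __name__ == "__main__":
    exposed = find_exposed_rdp_rules(SAMPLE_DESCRIBE_OUTPUT)
    for finding in exposed:
        print("RDP exposed:", finding)
    for cmd in suggested_fix_commands(exposed, "203.0.113.0/24"):
        print(cmd)
```

Replace `SAMPLE_DESCRIBE_OUTPUT` with the real command output and `ALLOWED_RDP_SOURCES` with your own management ranges. Note that revoking a `-1` rule removes all-traffic access for that source, not only RDP, so the generated commands are meant to be reviewed rather than run blindly.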
March 15, 2012
UPDATE 1: The default AWS-provided EC2 Windows Amazon Machine Images (AMIs) in all EC2 regions incorporate the Microsoft security updates that address this Windows RDP vulnerability. AWS EC2 Windows AMIs can be viewed and launched from here:
https://aws.amazon.com/amis?ami_provider_id=1&platform=Windows