Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

Alex Brooks askoorb+nanog at gmail.com
Fri Jan 13 13:38:44 UTC 2012


Hello,

On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg at micron21.com> wrote:
>
> Hey All,
>
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
>
> We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (i.e. all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation, all simultaneously sending around 2mbit or so of data to a specific target IP address.
>

Have you contacted Microsoft yet?
https://support.microsoft.com/oas/default.aspx?gprid=1163&st=1&wfxredirect=1&sd=gn

If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.

Whatever you do, do let everyone know what the problem turns out to be.

Alex



