Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

Alex Brooks askoorb+nanog at gmail.com
Fri Jan 13 13:38:44 UTC 2012


On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg at micron21.com> wrote:
> Hey All,
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
> We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate VLAN and subnets (i.e. all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address.

Have you contacted Microsoft yet?

If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.

Whatever you do, do let everyone know what the problem turns out to be.

