Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

Alex Brooks askoorb+nanog at gmail.com
Fri Jan 13 07:38:44 CST 2012


Hello,

On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg at micron21.com> wrote:
>
> Hey All,
>
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
>
> We witnessed an alarming amount of completely independent Microsoft Windows Servers,  each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address.
>

Have you contacted Microsoft yet?
https://support.microsoft.com/oas/default.aspx?gprid=1163&st=1&wfxredirect=1&sd=gn

If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.

Whatever you do, do let everyone know what the problem turns out to be.

Alex



More information about the NANOG mailing list