Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
askoorb+nanog at gmail.com
Fri Jan 13 07:38:44 CST 2012
On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg at micron21.com> wrote:
> Hey All,
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
> We witnessed an alarming number of completely independent Microsoft Windows Servers, each on separate VLANs and subnets (i.e. all /30 and /29 allocations) with separate gateways and completely separate customers, but all services were within the same 1.x.x.x/16 allocation, all simultaneously sending around 2mbit or so of data to a specific target IP address.
Have you contacted Microsoft yet?
If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.
Whatever you do, do let everyone know what the problem turns out to be.