[148370] in North American Network Operators' Group
Re: Possible New Zero Day Microsoft Windows 3389 vulnerability -
daemon@ATHENA.MIT.EDU (Alex Brooks)
Fri Jan 13 08:40:10 2012
In-Reply-To: <CA7E867D448D8B489EFF2E97E266038A1DACA657@RA-EX01.raprinting.com>
From: Alex Brooks <askoorb+nanog@gmail.com>
Date: Fri, 13 Jan 2012 13:38:44 +0000
To: James Braunegg <james.braunegg@micron21.com>, nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hello,
On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg@micron21.com> wrote:
>
> Hey All,
>
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
>
> We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address.
>
Have you contacted Microsoft yet?
https://support.microsoft.com/oas/default.aspx?gprid=1163&st=1&wfxredirect=1&sd=gn
If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.
Whatever you do, do let everyone know what the problem turns out to be.
Alex