[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389

Subject: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
From: askoorb+nanog at gmail.com (Alex Brooks)
Date: Fri, 13 Jan 2012 13:38:44 +0000
In-reply-to: <[email protected]>
References: <[email protected]>

Hello,

On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg
<james.braunegg at micron21.com> wrote:
>
> Hey All,
>
> Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours.
>
> We witnessed an alarming amount of completely independent Microsoft Windows Servers, ?each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address.
>

Have you contacted Microsoft yet?
https://support.microsoft.com/oas/default.aspx?gprid=1163&st=1&wfxredirect=1&sd=gn

If you have a support contract (which you probably do) you'll get a
very quick response if you choose the "security" option.

Whatever you do, do let everyone know what the problem turns out to be.

Alex

References:
- Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
  - From: james.braunegg at micron21.com (James Braunegg)

Prev by Date: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Next by Date: community strings for Reliance Globalcom
Previous by thread: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Next by thread: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Index(es):
- Date
- Thread