Carnegie Mellon University Website Home Page

SECURITY ADVISORY: Remote Desktop Critical Vulnerability

(US Eastern Time)
DAY: Tuesday
DATE: March 13, 2012

Microsoft Security Bulletin MS12-20 at

Your Windows computer may be at risk. Customers who run the Remote Desktop Protocol (RDP) are susceptible to a vulnerability which could allow an attacker to execute code on the vulnerable system. By default, RDP is not enabled on any Windows operating system and systems that do not have RDP enabled are not at risk. However, ALL Microsoft Windows customers SHOULD TAKE ACTION.

RUN WINDOWS UPDATE NOW and install the latest security updates. If you are not using RDP, disable it.

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.