{"id":1716,"date":"2012-03-16T12:48:12","date_gmt":"2012-03-16T15:48:12","guid":{"rendered":"http:\/\/www.talsoft.com.ar\/?p=1716"},"modified":"2012-03-16T12:48:12","modified_gmt":"2012-03-16T15:48:12","slug":"exploit-publico-para-ms12-020-parchea-tu-windows","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/","title":{"rendered":"Exploit p\u00fablico para MS12-020 (Parchea tu windows!)"},"content":{"rendered":"<p>El pasado martes, Microsoft lanz\u00f3 una actualizaci\u00f3n cr\u00edtica\u00a0<a href=\"http:\/\/technet.microsoft.com\/en-us\/security\/bulletin\/ms12-020\">MS12-020<\/a>\u00a0(que supersede a\u00a0<a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=221880\">MS11-065<\/a>) que corrige una vulnerabilidad en la implementaci\u00f3n del protocolo RDP. Seg\u00fan la<a href=\"http:\/\/support.microsoft.com\/kb\/2621440\">descripci\u00f3n de esta vulnerabilidad\u00a0<\/a>(<a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0002\">CVE-2012-0002<\/a>) podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en el sistema afectado.<\/p>\n<div><a href=\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\" alt=\"\" width=\"320\" height=\"249\" border=\"0\" \/><\/a><\/div>\n<p>Las empresas suelen publicar el puerto RDP (TCP 3389) a trav\u00e9s de Internet para permitir el acceso remoto a sus servidores y estaciones de trabajo. Este factor hizo que sea muy atractivo para los atacantes realizar ingenier\u00eda inversa del parche, entender los detalles del error y elaborar un\u00a0<a href=\"http:\/\/pastebin.com\/UzDKcCQy\">exploit chino<\/a>,\u00a0<a href=\"http:\/\/pastebin.com\/WYx9kRQ6\">II<\/a>\u00a0y\u00a0<a href=\"http:\/\/blog.binaryninjas.org\/?p=58\">III<\/a>\u00a0(aparente v\u00e1lidos),\u00a0<a href=\"http:\/\/krebsonsecurity.com\/2012\/03\/hackers-offer-bounty-for-windows-rdp-exploit\/#more-14137\">el cual ya ha sido publicado en las \u00faltimas horas<\/a>. No se debe perder de vista que anteriormente ya hab\u00eda circulado\u00a0<a href=\"http:\/\/blog.binaryninjas.org\/?p=58\">otro exploits falso supuestamente creado &#8220;by Sabu&#8221;<\/a>.<\/p>\n<p>La vulnerabilidad afecta la implementaci\u00f3n de RDP de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 y Windows 7. Por estas razones,\u00a0<strong>se recomienda aplicar el parche MS12-020 tan pronto como sea posible en su entorno<\/strong>\u00a0y tambi\u00e9n se puede aplicar un\u00a0<a href=\"http:\/\/exploitshop.wordpress.com\/2012\/03\/13\/ms12-020-vulnerabilities-in-remote-desktop-could-allow-remote-code-execution\/\">filtro para Snort<\/a>.<\/p>\n<p><strong>Actualizaci\u00f3n:<\/strong>\u00a0<a href=\"http:\/\/threatpost.com\/en_us\/blogs\/ms12-020-rdp-exploit-found-researchers-say-code-may-have-leaked-security-vendor-031612\">la vulnerabilidad y PoC original fue reportada<\/a>\u00a0a Microsoft por\u00a0<a href=\"http:\/\/aluigi.org\/adv\/termdd_1-adv.txt\">Luigi Auriemma<\/a>(<a href=\"http:\/\/www.zerodayinitiative.com\/\">TippingPoint&#8217;s Zero Day Initiative<\/a>) y al parecer el exploit chino empaquetado que fue publicado ayer, es exactamente el mismo, lo cual lleva a\u00a0<a href=\"https:\/\/twitter.com\/#%21\/luigi_auriemma\/statuses\/180530223366938624\">Luigi a preguntarse \u00bfqui\u00e9n lo filtr\u00f3?<\/a>.<strong>Esta\u00a0publicaci\u00f3n har\u00e1 que no pase demasiado hasta que aparezca el primer gusano que aproveche la vulnerabilidad.<\/strong><\/p>\n<p><strong>Fuente : Cristian de la Redacci\u00f3n de\u00a0<a href=\"http:\/\/www.segu-info.com.ar\/\">Segu-Info<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>El pasado martes, Microsoft lanz\u00f3 una actualizaci\u00f3n cr\u00edtica\u00a0MS12-020\u00a0(que supersede a\u00a0MS11-065) que corrige una vulnerabilidad en la implementaci\u00f3n del protocolo RDP. Seg\u00fan ladescripci\u00f3n de esta vulnerabilidad\u00a0(CVE-2012-0002) podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en el sistema afectado. Las empresas suelen publicar el puerto RDP (TCP 3389) a trav\u00e9s de Internet para permitir [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1716","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Exploit p\u00fablico para MS12-020 (Parchea tu windows!)<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Exploit p\u00fablico para MS12-020 (Parchea tu windows!)\",\"datePublished\":\"2012-03-16T15:48:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\"},\"wordCount\":274,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\",\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Exploit p\u00fablico para MS12-020 (Parchea tu windows!)\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\",\"datePublished\":\"2012-03-16T15:48:12+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage\",\"url\":\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\",\"contentUrl\":\"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Exploit p\u00fablico para MS12-020 (Parchea tu windows!)","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Exploit p\u00fablico para MS12-020 (Parchea tu windows!)","datePublished":"2012-03-16T15:48:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/"},"wordCount":274,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage"},"thumbnailUrl":"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png","articleSection":["Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/","url":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Exploit p\u00fablico para MS12-020 (Parchea tu windows!)","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage"},"thumbnailUrl":"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png","datePublished":"2012-03-16T15:48:12+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/exploit-publico-para-ms12-020-parchea-tu-windows\/#primaryimage","url":"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png","contentUrl":"http:\/\/blog.binaryninjas.org\/wp-content\/uploads\/2012\/03\/ms12-20.png"},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=1716"}],"version-history":[{"count":1,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1716\/revisions"}],"predecessor-version":[{"id":1717,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1716\/revisions\/1717"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=1716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=1716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=1716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}