Microsoft released new Windows updates this week. In this month's list of updates there is one critical vulnerability that is remotely exploitable externally (from outside the VPS) with the default configuration of our VPS. This critical security vulnerability affects the Remote Desktop Protocol (RDP), the service that runs on every Windows VPS and that you connect to in order to manage your VPS remotely.
The vulnerability is only applicable to a Windows 2012 VPS. Windows 2008 is not reported to be affected. To check your version of Windows, go to “Start button (bottom left corner) > Run”, type in “winver” and press Enter. A window will pop up telling you whether your version of Windows is 2008 or 2012.
This vulnerability was privately reported to Microsoft and there are no reports of any exploits of the vulnerability yet, but it is a serious risk, so we recommend updating at your next opportunity. You can update your VPS by going to “Control Panel > Windows Update”. Select all the available updates and install them. We recommend updating over weekends only and rebooting afterwards.
Alternatively, instead of installing all the updates now, you can download and install this specific RDP update for Windows 2012 from http://www.forexvps.net/res/downloads/Windows8-RT-KB3067904-x64.msu and reboot afterwards.
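To confirm the result after either update route, the following PowerShell check can be run on the VPS. It is an added example, not part of the original post. It assumes that Windows 2012 reports OS version 6.2.x and takes the KB number from the file name of the update linked above; the function name is hypothetical.

```powershell
# Added example (not from the original post): local check for the RDP update.
# Assumptions: Windows 2012 reports OS version 6.2.x, and the KB number is the
# one in the update file name linked in the post.
$KbId = 'KB3067904'

function Get-RdpPatchState {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $isServer2012 = $os.Version -like '6.2.*'

    # Get-HotFix writes an error when the id is absent; treat that as "not installed".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # RDP accepts connections when fDenyTSConnections is 0.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

    # Either key existing means an installed update is still waiting for a reboot.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $rebootPending = [bool]($rebootKeys | Where-Object { Test-Path -Path $_ })

    if (-not $isServer2012) { $status = 'Not Windows 2012: this update does not apply' }
    elseif (-not $hotfix)   { $status = "$KbId missing: install the update and reboot" }
    elseif ($rebootPending) { $status = "$KbId installed, reboot still pending" }
    else                    { $status = "$KbId installed" }

    [pscustomobject]@{
        Caption       = $os.Caption
        Version       = $os.Version
        RdpEnabled    = $rdpEnabled
        HotfixPresent = [bool]$hotfix
        InstalledOn   = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        RebootPending = $rebootPending
        Status        = $status
    }
}

Get-RdpPatchState | Format-List
```

Run it from a PowerShell window on the VPS; the Status line gives the next step, if any.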
The SANS Internet Storm Center (ISC) has the best quick overview of the updates each month. https://isc.sans.edu/forums/diary/July+2015+Microsoft+Patch+Tuesday/19919/
Reference:
https://support.microsoft.com/en-us/kb/3073094
https://technet.microsoft.com/library/security/MS15-067