{"id":54362,"date":"2012-03-22T17:58:33","date_gmt":"2012-03-22T21:58:33","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?p=54362"},"modified":"2013-03-13T13:40:37","modified_gmt":"2013-03-13T17:40:37","slug":"security-alert-for-microsoft-windows-users","status":"publish","type":"post","link":"https:\/\/www.bu.edu\/tech\/2012\/03\/22\/security-alert-for-microsoft-windows-users\/","title":{"rendered":"Security Alert for Microsoft Windows Users and VPN Required for RDP"},"content":{"rendered":"

There are two important consequences of a recent critical vulnerability announced by Microsoft last week:<\/p>\n

    \n
  1. IS&T is implementing a policy change regarding the use of Windows\u00e2\u20ac\u2122 Remote Desktop feature (RDP). If you use RDP to remotely access computers present on the BU campus, starting on Tuesday, April 3rd,<\/span> 2012, \u00c2\u00a0you will need to VPN into BU (http:\/\/vpn.bu.edu<\/a>) before connecting.\u00c2\u00a0Learn more about using the VPN<\/a>.<\/li>\n
  2. Those managing their own Windows computer should confirm that their computer has been updated. Details for making sure you computer is up to date can be found below.<\/li>\n<\/ol>\n

    If your computer is managed by IS&T\u00e2\u20ac\u2122s Desktop Services or one of our IT Partners, it is likely your work computer is up to date, and no further action is required besides following this policy after April 3rd<\/span>. If you have any questions about this policy, have questions about how your computer is configured, or if you have trouble remotely connecting to a computer on campus after April 2nd<\/span>, you may contact the IT Help Center by phone at 617-353-HELP (4357), email<\/a>, or web<\/a> for assistance.<\/p>\n

    Impact<\/strong><\/h2>\n

    An exploit has already been released that will cause a Blue Screen of Death on Windows 7 and a Denial of Service on Windows XP. It is expected that another exploit will soon be released that will allow an attacker to have complete control of the computer. After that, the next expected step is that a self-replicating worm will be released that will automatically jump from host to host, granting the attacker access to the system and taking any other action the attacker may wish.<\/p>\n

    Solution<\/strong><\/h2>\n

    If IS&T or one of our IT partners manages the computer you use, no further action is required other than following the new RDP policy starting April 3rd. If you are personally responsible for patching your computer and keeping it up to date (or if \u00c2\u00a0you would like to know how to better secure your home computer), there is some additional information you should know regarding the vulnerability identified by Microsoft. Below, we have some recommended actions for you to take to ensure your computer is protected.<\/p>\n

    What IS&T and the IT Partners are Doing<\/strong><\/h4>\n