So is 4125 listening?

So somehow I missed this in my first read of MS12-020.

Buried deep in the mitigation section they specifically call out SBS 2003:

Note Windows Small Business Server 2003 uses a feature named Remote Web Workplace. This feature uses TCP port 4125 to listen for RDP connections. If you are using this feature, you should validate that this port is also blocked from the Internet in addition to port 3389.

Actually no, that’s not right.  Port 4125 only opens up AFTER you authenticate.  It’s not sitting there listening for RDP connections.

I’m not saying that you shouldn’t prioritize this patch, far from it, but you should understand the risks.  And on a default SBS 2003, UNLESS you specifically open it up in the wizards, terminal server/3389 is not open.  Furthermore, 4125 is not sitting there listening for a connection.

More specifically about the process there.
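
One way to check this on your own server, as an added example that is not part of the original post: the Python below parses the text of `netstat -an` and reports which of the two ports named in the bulletin are in the LISTENING state. Both netstat samples are constructed for illustration, and a local listener is not the same as Internet exposure, which the firewall decides.

```python
import re

# Ports named in the MS12-020 note quoted above.
RDP_PORTS = {3389: "Terminal Services (RDP)", 4125: "Remote Web Workplace"}

# Constructed `netstat -an` samples (not captured from a real server).
# IDLE: nobody is connected through Remote Web Workplace.
IDLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.16.2:443       203.0.113.7:51544      ESTABLISHED
  UDP    0.0.0.0:4125           *:*
"""
# IN_SESSION: an authenticated Remote Web Workplace user is connected.
IN_SESSION = IDLE + """\
  TCP    0.0.0.0:4125           0.0.0.0:0              LISTENING
  TCP    192.168.16.2:4125      203.0.113.7:51560      ESTABLISHED
"""

# TCP rows only: local address, local port, foreign address, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def listening_rdp_ports(netstat_text):
    """Return {port: [local addresses]} for 3389/4125 rows in LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        addr, port, state = m.group(1), int(m.group(2)), m.group(3)
        # An ESTABLISHED row is an existing session, not an open listener.
        if port in RDP_PORTS and state == "LISTENING":
            found.setdefault(port, []).append(addr)
    return found


def report(netstat_text):
    """One line per port: is it listening, and on which local address."""
    found = listening_rdp_ports(netstat_text)
    return [
        f"{port} ({name}): "
        + ("LISTENING on " + ", ".join(found[port]) if port in found else "not listening")
        for port, name in sorted(RDP_PORTS.items())
    ]


if __name__ == "__main__":
    for label, sample in (("idle", IDLE), ("in session", IN_SESSION)):
        print(label, *report(sample), sep="\n  ")
```

To use it on a real server, save the output of `netstat -an` to a file and pass its contents to `report()`.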
