Slashdot Mirror
RDP Proof-of-Concept Exploit Triggers Blue Screen of Death
mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."
Windows 2003 crashed remotely because you didn't applied a 3 days old patch doesn't seem scary to you? Just wait for the bean counters on the second floor to stone you to death because their stone-age old ERP crap is down. Or the DNS/DHCP server. Or the hole freaking AD.
I have never seen RDP open to the world. If you do that, you're asking for issues regardless of any exploit.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Aside from this nasty RDP bug, how exactly is this "insanely stupid" any more so than leaving a web server connected to the Internet? I've seen plenty of web servers get rooted and turned into zombie spewing infected machines throwing spam and hosting fake AV advertisements.
For over ten years now, a major exploit of RDP is a first that I can recall. And BTW, the RDP connection is encrypted. With VPN, encryption is iffy at best and may not be enabled by default depending on the client you use.
Just because RDP provides a GUI remote desktop and looks more exposed visually doesn't mean it technically is any less secure than other protocols used.
Life is not for the lazy.
You'd be wrong. Dead wrong.
MS shops do this.
Shops that avoid MS at all costs and give control of it to finance/ms person, who have no clue about security do this.
Small businesses that just don't know better do this.
There are two types of people in the world: Those who crave closure
Mitigate means "reduces the severity of". If fewer machines are vulnerable, that mitigates some risk.
There is no particular reason RDP needs to be behind a VPN any more than any other protocol. It is fully encrypted, does secure password exchange and all that jazz. Same as SSH. So if you run any SSH servers that are open to the world, well there's your answer.
If you are all VPN all the time, ok, though I will caution you to carefully check your setup, VPN is often a false sense of security (particularly since in many configurations it punches through the user's NAT and host based firewall and can expose them). However if you are ok with things like SSH to your UNIX systems but not RDP to your Windows systems that just means you have a poor understanding of the protocols.
I'm sorry, mod parent up, so freaking right not even funny.
Was going to post anon, but to hell with my Karma, if you can't recognize that Microsoft isn't the same company it was 12 years ago you are part of the problem and not part of the solution. Not saying they are the best at anything, that's in the eye of the beholder. I'm just saying that Windows 7 (while needing it's code optimized like KDE4 had) is a far superior OS to Windows XP and Windows XP wasn't a bad platform to start off with. In 1999 (when it was released) it was far superior to linux in many ways and it was far worst in others. Today, the same case applies, however MS is actually now contributing to the OS community, working with the development community (see Kinect, their Sony reaction only lasted a few days).
Want to talk about Security, there are 13 known rootkits for Linux which rootkit (the application that scans for them) can't detect. There are viruses, there are kernel dumps, and worst of all there is LIBHELL, this look familiar?
/usr/lib/libboost.so.15
/boot perhaps run fschk without -j or -f? /boot ... :'( :'( )':
$ someapp
Someapp can't find libboost.so.14
$ find / -name "libboost.so.*"
$ yes QQ
QQ
QQ
QQ
QQ
QQ
^C
$
or my favorite one
Couldn't find
root$ ls
grub boot
root$
>)';
Couldn't find command:
So yeah, Linux has it's own stability and security issues, some that make me want to throw myself off a 30floor building sometimes, but I love it too, but I think Microsoft puts out an upstanding product and so does Linux.
I really don't know why I was so verbose, esp with the BS commands.
WTF Slashdot, why do I have to login 50 times to post?
Well in a way I honestly can't say that I blame them. Just look at how many here are pissing and moaning they are gonna have to go and deploy this patch across their system, aka doing their jobs, when we ALL know it is SOP for the script kiddies to reverse engineer every single patch MSFT releases and to use that for making easy attacks. Look at how many "ZOMFG Windows got horribly hacked!" we have seen where it was fucking patched MONTHS AGO but corps drug their feet and ended up getting pwned.
To use a /. car analogy if you park your car on the railroad track to take a nap and someone comes along and says "hey i live around here and there is a train coming down that track, let me help you move to someplace safe" and you go "nahhh, hitting those bumps might shake loose a screw, give me time to crawl under the hood and check everything out" and you drag your feet until the train hits you? Well stupid fucking you, you deserved what you got. Its not like this isn't common knowledge, or some new thing the script kiddies are doing, its been SOP since Win9X. MSFT releases a patch, script kiddies reverse engineer, a dozen variants are out in the wild within hours of patching. If you are so damned worried about compatibility you need to be running a test bed anyway just for this scenario, and when a nasty bug is patched your ass damned well better be on the ball and ready to deploy because those script kiddies aren't gonna go "Its okay, we'll wait, just let us know when you're ready". Like it or not folks malware and exploits are a billion dollar business and with that kind of money at stake you damned well better bring your A game, anything less is your ass.
ACs don't waste your time replying, your posts are never seen by me.
I have employees who are allowed to come in to the VPN with their home (non-corporate-managed) machines, and no restrictions on their network traffic. I'm working on changing that but it hasn't happened as yet. Additionally, I have way too much experience with malware running on Windows machines while their installed antivirus software is happily telling anyone who asks there's nothing wrong at all.
You need to stop thinking about internal risks in terms of deliberate actions by malicious employees (which is still a risk) and start thinking more in terms of the malware they're almost inevitably running and what actions it can take without their knowledge. This is a highly wormable exploit - think SQL Slammer. I would suggest you consider your soft center as well as your hard crunchy outside for this one.