RDP Proof-of-Concept Exploit Triggers Blue Screen of Death

mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."

Re:How important is this?

[darkmeridian]

Windows 2003 R2 was released on April 23, 2003. It has already entered its end of life phase on July 13, 2010. Anything critical has to be updated, maintained, and patched. If your mission critical server is still running Windows 2003, then you're doing it wrong. If your mission critical server is still running Windows 2003 and you haven't applied this patch, then you're doing it wrong. I just don't know how big a problem this will be in the real world.

Re:How important is this?

[ThePiMan2003]

The idea is that a specially crafted payload could root the box instead of crashing the system. Right now the payload only crashes the system because the researches didn't spend the time making it worse.