Windows Remote Desktop Exploit In the Wild
angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."
It cannot "be exploited remotely to execute arbitrary code". It can only crash the service. There is no RCE developed for this vulnerability, yet.
As the CVE says:
And the MS security bulletin also holds it as Maximum Security Impact: Remote Code Execution.
This is not FUD; even if there is no worm completed yet, it is a clear failure of MS security and their concept of many lines of defense. Also, they promised to implement their own rehash of W^X, but apparently failed.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Turns out I already had it disabled (it's disabled by default?), but here's how to disable it in Windows XP or via group policy. Here's how to do it in Windows 7 (untested).