Slashdot Mirror


Windows Remote Desktop Exploit In the Wild

angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."

3 of 94 comments

  1. Re:Did anyone think it was secure anyway? by Svippy · Score: 5, Insightful

    How often is it 'people with a clue' that attackers are after?

    --
    Clicked pie.
  2. Re:Did anyone think it was secure anyway? by cbhacking · Score: 5, Insightful

    That's just placing trust in the VPN software, rather than the terminal services server. How does that help? You may trust a particular VPN implementation more than you trust any code out of Microsoft, I guess, but RDP is already encrypted and can be configured to use fairly good authentication.

    Yes, for a business, it is expected that a VPN would be required (because there are a lot of network resources beyond RDP, and because the internal network is typically behind a proxy), but for a home connection that seems excessive. RDP is disabled by default on home installations, but plenty of people enable it at some point and don't later disable it even though it's a potential attack vector - much like SSH, which people also often use without VPN.

    Additionally, there's always the risk of things like a disgruntled employee using this attack from within the corporate network to attack a co-worker (or manager) by changing something on their computer or stealing their credentials, or a corporate spy using it to gain access to data they shouldn't have, or... For remote security vulnerabilities, you need to be a lot more imaginative in considering threat cases!

    --
    There's no place I could be, since I've found Serenity...
  3. Re:Did anyone think it was secure anyway? by cusco · Score: 5, Insightful

    Lower cost of code production

    Half-right. The code was written when Server 2003's APIs were the predominant security model on the planet. Unfortunately the new security model in Win7/Svr2008 breaks a lot of that code, sometimes in non-obvious ways. An enormous industrial machine code base cannot be ported to the new OSs without major or complete re-writes. A goodly amount of that code is for custom-built systems or machines that are no longer being manufactured but which will continue to function for decades longer, and that code will probably NEVER be ported over.

    I contracted at a utility that had a knee-high pile of ancient Compaq 386 laptops in their radio communications shop. When I offered to dispose of them the guys told me they had a half-million dollar radio tower which used configuration software that would **ONLY** run under MS DOS 3 on a 386 CPU. The manufacturer had been gobbled up by some other company and had no intention of re-writing software for a product that they no longer made. They kept that pile for 14 years, until the tower was finally replaced.

    So, yeah, there's a shitload of that stuff out there and you're just going to have to keep dealing with DOS, Win9x, NT, Win2K, for the next couple of decades.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin