Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Remote Desktop Exploit In the Wild

Posted by samzenpus on from the known-weakness dept.

angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."

3 of 94 comments (clear)

  1. Re:Did anyone think it was secure anyway? by liamoshan · · Score: 5, Interesting

    Doesn't everyone with a clue use it via a VPN anyway?

    Most people don't have publicly available RDP open. But there are enough Windows machines out there that even if a small percentage have RDP exposed, and only a small percentage of them aren't patched... there is still a metric shitload of vulnerable hosts.

    Dan Kaminsky has done some scanning and extrapolation to estimate that there are about 5 million RDP endpoints exposed

  2. Re:Did anyone think it was secure anyway? by Kjella · · Score: 4, Interesting

    Businesses yes for the most part, but Windows power users that would like a way to log in remotely - like Linux people ssh with X forwarding - often have RDC enabled and internet exposed. Plus if you can traverse the external firewall some other way, then launch RDC attacks on the computers that's a pretty big loophole too. Or if you're somehow on the inside already, in a big company that external wall is just a tiny bit of your defenses. Overall it's pretty critical.

    --
    Live today, because you never know what tomorrow brings
  3. Re:Did anyone think it was secure anyway? by CastrTroy · · Score: 3, Interesting

    I would say that way too many businesses have things set up to be open to the internet at large. Configure your firewalls appropriately. If you need you RDP machine accessible from "the internet" then at least configure your firewalls so that only certain IPs can access that port. If that means providing a static IP to your employees that need to connect, then so be it. Sure it's convenient to be able to connect to your computers from any other internet connected computer in the world, but it is by no means secure.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.