Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Remote Desktop Exploit In the Wild

Posted by samzenpus on Sunday March 18, 2012 @09:03PM from the known-weakness dept.

angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."

1 of 94 comments (clear)

Min score:

Reason:

Sort:

Re:Did anyone think it was secure anyway? by liamoshan · 2012-03-18 22:05 · Score: 5, Interesting

Doesn't everyone with a clue use it via a VPN anyway?
Most people don't have publicly available RDP open. But there are enough Windows machines out there that even if a small percentage have RDP exposed, and only a small percentage of them aren't patched... there is still a metric shitload of vulnerable hosts.
Dan Kaminsky has done some scanning and extrapolation to estimate that there are about 5 million RDP endpoints exposed