In March 2012, a security vulnerability, MS12-020, was detected in the famous Microsoft RDP
protocol. Everyone using RDP should be aware of the damage it can cause!
Targets:
Microsoft Windows servers / clients with RDP enabled.
Attack surface:
DoS and Remote Code Execution (not in the wild).
Researchers have been working on developing a working remote code execution exploit for the bug,
but none has been published yet.
Your Risk:
A simple program with some exploit code can crash your Windows Server through the RDP port.
If you publish your RDP servers over the Internet you are a BIG target.
Proof of Concept:
A Windows Server 2008 R2 (x64) with RDP enabled.
When a program containing the exploit code in question is launched against it, the following happens:
This is really NOT GOOD!
Solutions:
- Don't use RDP :) (or at least try the RD Gateway)
- Allow only 'Remote Desktop with Network Level Authentication'.
- Patch your RDP servers.
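
One way to check a server against the last two items, as an added example that is not part of the original post: it reads the effective RDP settings (Group Policy values override the local ones) and reports whether RDP is on, whether NLA is enforced, and whether the given updates are installed. The function name `Test-RdpHardening` is made up for this example, and the KB ids are an assumption you must supply from the MS12-020 bulletin for your Windows version.

```powershell
# Added example: run in an elevated PowerShell session on the server to audit.
function Test-RdpHardening {
    param(
        # Assumption: KB ids taken from the MS12-020 bulletin for this OS version.
        [string[]]$PatchKbIds = @()
    )
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey    = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # A value set by Group Policy wins over the local setting, so look there first.
    function Get-EffectiveValue([string]$Name, [string]$LocalKey) {
        foreach ($key in @($policyKey, $LocalKey)) {
            $v = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
            if ($null -ne $v) { return $v }
        }
        return $null
    }

    # fDenyTSConnections = 0 means Remote Desktop accepts connections.
    $rdpEnabled  = ((Get-EffectiveValue 'fDenyTSConnections' $tsKey) -eq 0)
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nlaRequired = ((Get-EffectiveValue 'UserAuthentication' $rdpKey) -eq 1)
    $port        = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # Get-HotFix only sees updates registered in Win32_QuickFixEngineering.
    $missing = @($PatchKbIds | Where-Object {
        -not (Get-HotFix -Id $_ -ErrorAction SilentlyContinue)
    })

    $verdict = if (-not $rdpEnabled)       { 'RDP disabled' }
               elseif (-not $nlaRequired)  { 'RDP enabled WITHOUT NLA' }
               elseif ($missing.Count -gt 0) { 'NLA on, update(s) missing' }
               else                        { 'OK' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        RdpEnabled  = $rdpEnabled
        RdpPort     = $port
        NlaRequired = $nlaRequired
        MissingKbs  = ($missing -join ', ')
        Verdict     = $verdict
    }
}

# With no KB ids supplied, only the RDP and NLA settings are evaluated.
Test-RdpHardening | Format-List
```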