Tuesday, March 27, 2012

More MS12-020 (aka RDP issue) exploit tools are hitting the wild... (Here's one written with VB6 that BSOD's an unpatched systems)

F-Secure - A Tool Exploiting MS12-020 Vulnerabilities

Since the public release of Microsoft's MS12-020 bulletin, there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol (RDP). Last week, we received a related sample, which turned out to be a tool called "RDPKill by: Mark DePalma" that was designed to kill targeted RDP service.

The tool was written with Visual Basic 6.0, and has a simple user interface. We tested it on machines running on Windows XP 32-bit and Windows 7 64-bit.



IT guys and gals, you have applied this patch, right? Let's see how many servers and critical resources are in your server rooms and data centers that you RDP into? Like all of them? (I mean who actually walks up to servers anymore...?) So as this vulnerabilities gets weaponized and gets into your network (and it will), what's the potential impact? Ready to patch yet? Come on, if a VB6 sample app can BSOD your RDP enabled systems [No jokes about VB6 please... I know you want to.. but please... lol ]


Related Past Post XRef:
RDPCheck.com - Quick check to see if your system is vulnerable to the recently patched RDP issue

1 comment:

Anonymous said...

There is an Android version of RDPKill out now.