Monday, March 19, 2012 - Quick check to see if your system is vulnerable to the recently patched RDP issue


The MS12-020 vulnerability in Remote Desktop Protocol (a.k.a. RDP or Terminal Services) promises to cause some serious havoc... and many won't realise the risk until it is too late. RDPCheck is our humble attempt to make a positive difference to that...

RDPCheck helps individuals and businesses check their PCs and networks for exposure to attacks on the RDP vulnerability by hackers, bots or an RDP worm.
It's easy...

  • Enter your email address.
  • Click "Start The Test".
  • We'll run our test on the IP address you're visiting RDPCheck from. The test is quick, non-invasive, and does not put your PC, network or business at risk. If you need to test other addresses contact us.
  • Note: For your security we do NOT store your IP address/result combination.
  • A report will be emailed to you with the results and recommendations for what you should do next.

Ready? Ok.


I won't pile on about the RDP issue patched last week. You've all heard about it, know that there are exploits in the wild, and know to get your systems patched ASAP, so enough said there. What? You'd like to hear a little more about this?

F-Secure - Joe's Garage (SMB): Most Likely to be Pwned by RDP

Last week, we advised readers to apply Microsoft update MS12-020 sooner than later. For those of you that have — good work. And if you haven't yet applied the patch — stop delaying.

Ever since MS12-020 was released, there's been a flurry of activity attempting to "weaponize" the Remote Desktop Protocol (RDP) vulnerability. The race to an exploit is on and is in top gear. Lab Analyst Timo Hirvonen is tracking the situation on his Twitter account.

So… just how many computers could be affected by this RDP bug?

Well, researcher Dan Kaminsky scanned the Internet and estimates that there are millions of computers that are exposed (see "RDP and the Critical Server Attack Surface").

What do you need to do?

Lenny Zeltser offers the following advice.


It's from the above article that I found, and while a simple check and one that won't really help anyone inside of firewalls that aren't redirecting/DMZ'ing that port, I still thought it worth a quick share.

You say you don't care or are not impacted because your systems are all behind firewalls? Well, that's just silly because you know that somehow, some way, exploit code will get inside your firewall and then your systems will be toast. If you use RDP anywhere, patch.

Now go, patch.
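
An added example, not from the original post or from RDPCheck: a small inventory check that complements the external test above by probing addresses you administer, internal ones included, for a listening RDP service. It completes only the first step of the standard RDP connection sequence (X.224 Connection Request and Connection Confirm) and reports exposure, not patch status; the function names and result strings are this example's own.

```python
import socket
import sys

RDP_PORT = 3389  # default RDP listener (TCP)

# TPKT header + X.224 Connection Request + RDP Negotiation Request
# (requestedProtocols = 0, i.e. standard RDP security). 19 bytes in total.
X224_CONNECTION_REQUEST = bytes.fromhex("030000130ee00000000000" "0100080000000000")


def is_x224_connection_confirm(data: bytes) -> bool:
    """True if data starts with a TPKT-framed X.224 Connection Confirm."""
    if len(data) < 6 or data[0] != 0x03:          # TPKT version is always 3
        return False
    tpkt_len = int.from_bytes(data[2:4], "big")   # length of the whole packet
    if tpkt_len < 11:                             # 4-byte TPKT + 7-byte CC minimum
        return False
    return (data[5] & 0xF0) == 0xD0               # X.224 code 0xD0 = Connection Confirm


def check_host(host: str, port: int = RDP_PORT, timeout: float = 3.0) -> str:
    """Return 'closed', 'open-no-rdp' or 'rdp-listening' for one host."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                           # refused, filtered or timed out
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:
            reply = b""                           # port open but no answer in time
    return "rdp-listening" if is_x224_connection_confirm(reply) else "open-no-rdp"


if __name__ == "__main__":
    # Targets come from the command line: hosts you administer, inside the
    # firewall as well as outside it.
    for target in sys.argv[1:]:
        print(f"{target}: {check_host(target)}")
```

Any host reported as `rdp-listening` belongs on the MS12-020 patch list, whether or not it is reachable from the Internet.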

1 comment:

caseyjohnellis said...

Hey thanks for the mention of RDPCheck Greg! Cheers.

The 2 main things we wanted to achieve with the initial release were to
1) educate the folk who have an Internet RDP exposure and aren't already aware of it, and
2) educate anyone who visits the site that the issue is not just external - As you rightly point out the internal threat is just as big a deal - Especially if/when MS12-020 gets exploited by a worm. That advice is given and stressed by regardless of the result of the actual check.

Keep spreading the word! The more people who are aware of this issue the better.

I blogged about the risk to SMB over here: