Well, that didn’t take long. As of Thursday, an MS12-020 PoC (the Remote Desktop Protocol vulnerability) is in the wild. Looks like one of Microsoft’s MAPP partners leaked some test code. This PoC code only causes a Blue-Screen-of-Death, so the damage is limited to a denial-of-service. It won’t be long until the bad guys figure out which values they need to modify to achieve remote code execution. When that happens and you still have RDP open to the Internet and unpatched, you lose. I suspect we’ll see a worm exploiting this within a week. This could end up being a SQL Slammer-type event…

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter