Well, that didn’t take long. As of Thursday, an MS12-020 PoC (the Remote Desktop Protocol vulnerability) is in the wild. Looks like one of Microsoft’s MAPP partners leaked some test code. This PoC code only causes a Blue-Screen-of-Death, so the damage is limited to a denial-of-service. It won’t be long until the bad guys figure out which values they need to modify to achieve remote code execution. When that happens and you still have RDP open to the Internet and unpatched, you lose. I suspect we’ll see a worm exploiting this within a week. This could end up being a SQL Slammer-type event…
Seeing the rate at which companies have been successfully attacked by Java exploits while their users surf the web, I became increasingly alarmed and wondered how I was going to defend my own network. I had always known that Active Directory Group Policy could push out software, but I had never explored the option as I thought it sounded too involved.
The MS12-020 vulnerability for which Microsoft released a patch yesterday is about as bad as you can get. The vulnerability requires *no* authentication, can be exploited from *any network* that has connectivity to a Remote Desktop Protocol (RDP) service, and gives an attacker a full GUI at the super-user level (the SYSTEM account on Windows). Game. Over.
In my previous two blog posts, we looked at the insights and interesting findings contained within the latest Microsoft Security Intelligence Report. The report is now getting some press in the tech community, and one article in particular caught my attention. A report published by H Security notes, with some surprise, that “users are responsible for nearly half of all infections.” This doesn’t surprise me at all, though.Read more