Security Market Segment LS
Monday, 19 March 2012 10:59

Windows RDP exploit made public


A proof of concept exploit of Windows' Remote Desktop Protocol is circulating. If you can't patch your systems immediately, other protections may be called for.

Among the security bulletins released last week (March 13, US time) by Microsoft was one concerning a vulnerability in Remote Desktop Protocol (RDP). The company allocated the highest deployment priority to this patch, warning that a successful exploit was likely within 30 days.

Microsoft also provided a 'Fit It' to mitigate the risk for those who considered it necessary to conduct their own testing before deploying the update.

On Friday March 17 (US time), Microsoft revealed that it had been aware of a publicly available proof of concept exploit of the vulnerability. Although the vulnerability could allow remote code execution, Microsoft officials say the proof of concept only results in a denial of service.

"We continue to watch the threat landscape and we are not aware of public proof-of-concept code that results in remote code execution," said Yunsun Wee, director, trustworthy computing at Microsoft.

The company made information about the issue available to its security partners, allowing them to build protection into their products.



Trend Micro CTO Raimund Genes said "As a remote desktop protocol that is widely used within enterprises this is really severe as attackers will be able to remotely control an affected system."

Symantec officials said "We have not yet seen any PoC that provides remote code execution." Sophos senior technology consultant Graham Cluley observed "Windows users should consider themselves on high alert and harden their defences."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments