Sponsored by..

Tuesday 13 March 2012

MS12-020: this is not good

MS12-020.. what can I say except that this is NOT GOOD. If you're running RDP on your clients or servers then this is something you need to patch RIGHT NOW..

Update: the folks at the ISC think so too. This is wormable and apparently not difficult to exploit, assuming it is switched on. So, you either need to patch or disable it.. or a combination of both.

Update 2: a visitor left a note to say they were working on a vulnerability scanner at rdpcheck.com . It's not ready yet, but there's a signup form on the page for more information.

Update 3: Allegedly, there is PoC code available for this on Pastebin, although this has not been independently confirmed.

Update 4: The ISC have changed the INFOCON status to yellow because of the perceived high risk.

Update 5: There is now an nmap script available to scan for vulnerable machines here.


caseyjohnellis said...

i'm most concerned about the impact this will have on small/medium business who are notoriously lax on patching and fit the use case profile of rdp perfectly...

a mate an i are putting together a tool to check exposure to the bug from the internet. it's up at http://rdpcheck.com.

Conrad Longmore said...

Cool. I signed up :)