Yellow alert! Windows RDP flaw explained

Summary: When Microsoft announced the Windows Remote Desktop Protocol (RDP) security flaw last week, the Internet Storm Centre (ISC) went to INFOCON Yellow. We could end up facing a worm as serious as Conficker, Blaster and Sasser.

The vulnerability, catalogued as MS12-020 and CVE-2012-0002, exists in every version of Windows. RDP is a widely used service that's frequently exposed to the internet. That combination makes it an attractive target for criminals.

Microsoft released a patch nearly a week ago. But many computers are likely to remain unpatched for weeks or even months. Security researcher Dan Kaminsky is currently scanning the internet and, based on the results so far, he estimates that 5 million hosts are vulnerable.

A proof-of-concept exploit is already available online, which, curiously, Microsoft has said appears to match the vulnerability information it gave to its Microsoft Active Protections Program partners. It won't be long before this vulnerability is used for mayhem.

That's why the SANS Institute's ISC raised its INFOCON threat level to yellow for 24 hours to raise awareness. It's also why the free vulnerability-testing tool RDPCheck was created by Australian security consultants Casey Ellis from Tall Poppy Group and Serg Belokamen, who works for a major consulting firm.

In this week's Patch Monday podcast, Ellis joins HackLabs proprietor Chris Gatford to explain the threat and what you need to do about it.

To leave an audio comment on the program, Skype to stilgherrian, or phone (02) 8011 3733.

Running time: 31 minutes, 35 seconds

Topics: Microsoft, Security, Windows

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr...
