Yellow alert! Windows RDP flaw explained

When Microsoft announced the Windows Remote Desktop Protocol (RDP) security flaw last week, the Internet Storm Centre (ISC) went to INFOCON Yellow. We could end up facing a worm as serious as Conficker, Blaster and Sasser.

The vulnerability, catalogued as MS12-020 and CVE-2012-0002, exists in every version of Windows. RDP is a widely used service that's frequently exposed to the internet. That combination makes it an attractive target for criminals.

Microsoft released a patch nearly a week ago. But many computers are likely to remain unpatched for weeks or even months. Security researcher Dan Kaminsky is currently scanning the internet and, based on the results so far, he estimates that 5 million hosts are vulnerable.

A proof-of-concept exploit is already available online, which, curiously, Microsoft has said appears to match the vulnerability information it gave to its Microsoft Active Protections Program partners. It won't be long before this vulnerability is used for mayhem.

That's why the SANS Institute's ISC raised its INFOCON threat level to yellow for 24 hours to raise awareness. It's also why the free vulnerability-testing tool RDPCheck was created by Australian security consultants Casey Ellis from Tall Poppy Group and Serg Belokamen, who works for a major consulting firm.

In this week's Patch Monday podcast, Ellis joins HackLabs proprietor Chris Gatford to explain the threat and what you need to do about it.

To leave an audio comment on the program, Skype to stilgherrian, or phone (02) 8011 3733.

Running time: 31 minutes, 35 seconds