Working exploit for MS12-020 RDP flaw found
Posted on 16 March 2012.
The vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation (MS12-020) - a patch for which has been released by during the last Patch Tuesday - has been deemed critical enough to warrant a an immediate implementation of the patch, as it was expected that an exploit for the vulnerability would pop up in the wild in fewer than 30 days.

But, as it turns out, it took only one.

According to Threatpost, a working exploit has surfaced on a Chinese download site and researchers who have analyzed it have confirmed that it triggers a blue-screen-of-death scenario on computers running Windows 7 and a DoS condition on those with Windows XP.

The speed with which a working exploit has found its way to the public has probably surprised a lot of people, but there seems to be a good explanation for it: the exploit code found on the Chinese site contains the exact packet that Luigi Auriemma - a well-known researcher that first spotted the flaw in question - sent to TippingPoint's Zero Day Initiative along with details about the vulnerability.

The packet and the advisory were after that forwarded to Microsoft, and have ultimately been shared by the company with the members of its Microsoft Active Protection Program (MAPP) - a circle of vetted security companies that receive the information before Patch Tuesday so that they implement defenses against the exploits in their offerings.

It is still unknown who leaked the information and why, but Auriemma seems entirely positive that it's his PoC code, so he published it and the corresponding advisory on his page.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th