Working exploit for MS12-020 RDP flaw found
Posted on 16 March 2012.
The vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation (MS12-020) - a patch for which has been released by during the last Patch Tuesday - has been deemed critical enough to warrant a an immediate implementation of the patch, as it was expected that an exploit for the vulnerability would pop up in the wild in fewer than 30 days.

But, as it turns out, it took only one.

According to Threatpost, a working exploit has surfaced on a Chinese download site and researchers who have analyzed it have confirmed that it triggers a blue-screen-of-death scenario on computers running Windows 7 and a DoS condition on those with Windows XP.

The speed with which a working exploit has found its way to the public has probably surprised a lot of people, but there seems to be a good explanation for it: the exploit code found on the Chinese site contains the exact packet that Luigi Auriemma - a well-known researcher that first spotted the flaw in question - sent to TippingPoint's Zero Day Initiative along with details about the vulnerability.

The packet and the advisory were after that forwarded to Microsoft, and have ultimately been shared by the company with the members of its Microsoft Active Protection Program (MAPP) - a circle of vetted security companies that receive the information before Patch Tuesday so that they implement defenses against the exploits in their offerings.

It is still unknown who leaked the information and why, but Auriemma seems entirely positive that it's his PoC code, so he published it and the corresponding advisory on his page.


A data security guy's musings on the OPM data breach train wreck

There is still way too much apathy when it comes to data-centric security. Given the sensitive data the OPM was tasked with protecting, it should have had state-of-the-art data protection, but instead it has become the poster child for IT security neglect.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Jul 28th