Microsoft announced that the MS12-020 Remote Desktop Protocol was pegged as vulnerable last week by a researcher who was attempting to publish the blueprint of the program.
Luigi Auriemma, a researcher who stumbled upon a recent update that created a critical vulnerability in Microsoft’s RDP, published an actual proof of concept that the system is flawed last Friday, the 20th of March. This information was not supposed to go live and was leaked without Microsoft’s consent.
Many worries stem from the fact that taking advantage of this vulnerability doesn’t require any sort of authentication, which means that it can be used to create a computer worm fairly easily. However, RDP is disabled by default on many Windows workstations, so the number of potential targets for a worm is fairly low. Even so, the vulnerability will apply to enterprise environments where the RDP service is accessible through firewalls.
Microsoft reassured the general public that creating a working worm exploit would take at least a few weeks, and the company expects to have working exploit code to prevent attacks in the next 30 days.
Auriemma believes that Microsoft created the exploit for internal testing and then shared it with other security vendors to enable them to create attack and malware signatures, and that whoever leaked it was probably intimately involved with Microsoft or one of the companies that were hired to create signatures. Microsoft has since confirmed this observation and is actively investigating the disclosure of shared vulnerability details to protect its customers.
System administrators who haven’t installed the patch for CVE-2012-2002 are advised to do so as soon as possible, or to look at Microsoft’s MS12-020 security bulletin for workarounds.