RDP Proof-of-Concept Exploit Triggers Blue Screen of Death 128
mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."
Re:How important is this? (Score:5, Insightful)
Who uses RDP without a VPN? (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re:How important is this? (Score:5, Insightful)
You'd be wrong. Dead wrong.
MS shops do this.
Shops that avoid MS at all costs and give control of it to finance/ms person, who have no clue about security do this.
Small businesses that just don't know better do this.
Re:How important is this? (Score:2, Insightful)
Mitigate means "reduces the severity of". If fewer machines are vulnerable, that mitigates some risk.
Re:Who uses RDP without a VPN? (Score:5, Insightful)
Then you don't have much exposure to the MANY SMB's that are setup like this. I even know of some otherwise competent consultants that do this. Stating that the traffic is secure.
I've closed this hole many times at new clients.
Ah yes, another incompetent *nix admin with his head in the sand. Since this was posted as AC I know you're probably trolling but I'll bite. Since the RDP changes starting with Windows Vista and Server 2008 (pre-R2, even) the RDP connection handshake resembles that of TLS, SSH, and other VPN protocols, utilizing RSA, certificate based identity verification, and AES (with keys transmitted during the RSA encrypted during setup).
If modern RDP is insecure, I have really bad news for SSH, e-commerce and the entire fucking world that uses TLS.
The same people who use SSH without a VPN? (Score:3, Insightful)
There is no particular reason RDP needs to be behind a VPN any more than any other protocol. It is fully encrypted, does secure password exchange and all that jazz. Same as SSH. So if you run any SSH servers that are open to the world, well there's your answer.
If you are all VPN all the time, ok, though I will caution you to carefully check your setup, VPN is often a false sense of security (particularly since in many configurations it punches through the user's NAT and host based firewall and can expose them). However if you are ok with things like SSH to your UNIX systems but not RDP to your Windows systems that just means you have a poor understanding of the protocols.
Re:M$ Windoesn't (Score:3, Insightful)
I'm sorry, mod parent up, so freaking right not even funny.
Was going to post anon, but to hell with my Karma, if you can't recognize that Microsoft isn't the same company it was 12 years ago you are part of the problem and not part of the solution. Not saying they are the best at anything, that's in the eye of the beholder. I'm just saying that Windows 7 (while needing it's code optimized like KDE4 had) is a far superior OS to Windows XP and Windows XP wasn't a bad platform to start off with. In 1999 (when it was released) it was far superior to linux in many ways and it was far worst in others. Today, the same case applies, however MS is actually now contributing to the OS community, working with the development community (see Kinect, their Sony reaction only lasted a few days).
Want to talk about Security, there are 13 known rootkits for Linux which rootkit (the application that scans for them) can't detect. There are viruses, there are kernel dumps, and worst of all there is LIBHELL, this look familiar?
/usr/lib/libboost.so.15
/boot perhaps run fschk without -j or -f? /boot ... :'( :'( )':
$ someapp
Someapp can't find libboost.so.14
$ find / -name "libboost.so.*"
$ yes QQ
QQ
QQ
QQ
QQ
QQ
^C
$
or my favorite one
Couldn't find
root$ ls
grub boot
root$
>)';
Couldn't find command:
So yeah, Linux has it's own stability and security issues, some that make me want to throw myself off a 30floor building sometimes, but I love it too, but I think Microsoft puts out an upstanding product and so does Linux.
I really don't know why I was so verbose, esp with the BS commands.
Comment removed (Score:4, Insightful)
Re:Is this the hole that was patched one Tuesday? (Score:5, Insightful)
I have employees who are allowed to come in to the VPN with their home (non-corporate-managed) machines, and no restrictions on their network traffic. I'm working on changing that but it hasn't happened as yet. Additionally, I have way too much experience with malware running on Windows machines while their installed antivirus software is happily telling anyone who asks there's nothing wrong at all.
You need to stop thinking about internal risks in terms of deliberate actions by malicious employees (which is still a risk) and start thinking more in terms of the malware they're almost inevitably running and what actions it can take without their knowledge. This is a highly wormable exploit - think SQL Slammer. I would suggest you consider your soft center as well as your hard crunchy outside for this one.