RDP Proof-of-Concept Exploit Triggers Blue Screen of Death
mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."
Question: VirtualBox's VRDE/RDP (Score:4, Interesting)
I haven't found the answer to this yet: VirtualBox uses a flavor of RDP (or backwards compatible to RDP) called VRDE. Someone where I worked said this was a protocol problem, so does the exploit apply to VirtualBox, or is this just the implementation of RDP that Microsoft uses?
Re:Is this the hole that was patched one Tuesday? (Score:4, Interesting)
Just below your comment there's one from an AC titled "Missed the real story" indicating the exploit code was released from within MS.
That might mean some jackass got the brilliant idea that if there's going to be an exploit soon anyway, it may as well be the original one, and that will scare people into deploying the patch *right now*.
Re:Who uses RDP without a VPN? (Score:2, Interesting)
Then you don't have much exposure to the MANY SMBs that are set up like this. I even know of some otherwise competent consultants that do this, stating that the traffic is secure.
I've closed this hole many times at new clients.
Re:Have fun (Score:4, Interesting)
That code is not real; it was a fake release from yesterday. Actual POC code is available in a number of places though and looks very similar.