Microsoft Reveals a Fix for an Exploit in Remote Desktop Protocol

Written by John Ponio    Wednesday, 14 March 2012 14:47

Microsoft Logo

Microsoft has recently received a report of a pretty big exploit in their Remote Desktop Protocol. While they haven't heard of any attacks happening, they said they wouldn't be surprised if they started happening in the next 30 days. The blog post reads:

This issue is potentially reachable over the network by an attacker before authentication is required. RDP is commonly allowed through firewalls due to its utility. The service runs in kernel-mode as SYSTEM by default on nearly all platforms (except for one exception described below). During our investigation, we determined that this vulnerability is directly exploitable for code execution. Developing a working exploit will not be trivial – we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days.

This exploit can only happen on computers where Remote Desktop was enabled. It should be disabled by default, and can only be enabled if you turn it on yourself. If you're not sure if you enabled it or not, simply open your start menu, right click on "Computer," and go to Properties. On the left sidebar you should see "Remote Settings." Click on that, and make sure "Don't allow connections to this computer" under "Remote Desktop" is selected if you don't use Remote Desktop. There is a Hotfix available that also fixes the issue, which can be downloaded from the blog post. Microsoft urges you to install the hotfix, and it can't really hurt so why not?