MS12-020 exploit in-the-wild ...
FYI...
Tool Exploiting MS12-020 Vulnerabilities ...
- http://atlas.arbor.net/briefs/
Severity: Elevated Severity
Published: Wednesday, March 28, 2012 19:20
An easy-to-use denial of service tool for the Microsoft Remote Desktop Protocol vulnerability has been released.
Analysis: While a metasploit module has been available for some time, a new, easy-to-use point and click tool lowers the bar. Organizations that have yet to patch should do so...
Source: http://www.f-secure.com/weblog/archives/00002338.html
MS12-020 exploit in-the-wild ...
- https://www.f-secure.com/weblog/archives/00002338.html
March 27, 2012 - "Since the public release of Microsoft's MS12-020 bulletin, there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol (RDP). Last week, we received a related sample, which turned out to be a tool called "RDPKill by: Mark DePalma" that was designed to kill targeted RDP service. The tool was written with Visual Basic 6.0, and has a simple user interface. We tested it on machines running on Windows XP 32-bit and Windows 7 64-bit... Both the Windows XP 32-bit and the Windows 7 64-bit computers were affected by the Denial of Service (DoS) attack. The service crashed and triggered a "Blue Screen of Death" (BSoD) condition*...
* https://www.f-secure.com/weblog/arch...pkill_bsod.png
We detect this tool as Hack-Tool:W32/RDPKill.A. (SHA-1: 1d131a5f17d86c712988a2d146dc73367f5e5917). Besides RDPKill.A, other similar tools and Metasploit module can also be found online. Due to their availability, an unpatched RDP server would be an easy target of DoS attack by attackers who might be experimenting with these tools. For those who still haven't patched their system, especially those running RDP service on their machines, we strongly advise that you to do so as soon as possible..."
