Microsoft warns about 'attractive' security hole in Windows

Photo credit: Adriano Castelli/ Shutterstock

In a blog post, Suha Can and Jonathan Ness of Microsoft Security Response Center Engineering warned that “due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.”

A fix for the vulnerability was issued on Patch Tuesday, but Microsoft felt it necessary to urge users to make fixing this flaw a “special priority.”

“This issue is potentially reachable over the network by an attacker before authentication is required. RDP is commonly allowed through firewalls due to its utility. The service runs in kernel-mode as SYSTEM by default on nearly all platforms.... During our investigation, we determined that this vulnerability is directly exploitable for code execution”, the Microsoft researchers explained.

“The good news is that the RDP is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled remote desktop”, they added.

Jim Walter with McAfee commented that RDP listens on TCP port 3389 by default. “And because it’s so darn convenient, lots of people like to open their firewalls/ingress points to the traffic. This is a bad/dangerous/insecure thing.”

Added Graham Cluley with Sophos: “The security hole affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. The nature of the vulnerability, and the fact that it impacts such a wide range of Windows computers, makes it very attractive to attackers.”
