RDP flaw a harbinger of breaches

Powered by SC Magazine
 

Small businesses most at risk from dangerous vulnerability.

A vulnerability in Microsoft's Remote Desktop Protocol (RDP) is predicted to cause mayhem for organisations this year with small businesses most notably at risk.

The flaw, announced in a patch tuesday release overnight (CVE 2012-0002) provides attackers with remote access to networks that have RDP enabled.

Attackers could execute code at a priveleged level without the need to provide credentials, if the target machine does not have network-level authentication enabled. 

And many do not, according to experts.

 

"We will still be exploiting this in a year," said Chris Gatford, director of penetration testing firm HackLabs. "There hasn't been anything this serious in years."

He said almost all organisations run RDP internally and about a third have the service activated externally, notably to connect to cloud computing services.

Security consultant Casey Ellis said exploits for the hole would be developed within weeks.

"Someone will create a worm soon for this," he said. "Over the coming weeks, we'll not be talking about seeing risk to businesses -- we'll be talking about them getting owned."   

He said countless small businesses would have RDP enabled both internally and many externally for remote access.

"I haven't seen anything this bad since Sasser or Blaster."

Ellis has today registered the web site RDPcheck and will create a "quick and dirty" tool that will check whether a machine is vulnerable to the flaw.

Remember to sign up to our daily newsletter to stay connected with the latest news and analysis from Australia and around the world.

Microsoft recommended that customers apply Network Level Authentication which would mitigate the attack prior to applying the patch, but Gatford pointed out that this would cut off connectivity for XP machines. 

He said users should run RDP behind gateways. Windows XP users could download and enable CredSSP, while users running Terminal Services Gateway should restrict access to the host to known and trusted networks.

Microsoft said RDP was disabled by default adding it was not aware of attacks against the privately-reported vulnerability.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," the company said.

Kaspersky senior security researcher Kurt Baumgartner said organisations could be compromised if staff RDP-enabled laptops were infected at public WI-Fi hotspots. 

"Once infected, they bring back the laptop within the 'walled castle' and infect large volumes of other connected systems from within.".

Copyright © SC Magazine, Australia


RDP flaw a harbinger of breaches
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
More 4G from Optus in Darwin
Nov 21, 2014
Click to see where Optus has expanded coverage to the suburbs near Darwin.
Optus steps up regional 4G coverage
Nov 20, 2014
Once 700Mhz services are working, Optus claims regional users will have a "faster and more ...
This Huawei 4G phone costs $99
Nov 12, 2014
The $99 Huawei Ascend Y550, available through Vodafone, enters the budget market as one of the ...
4G smartphones: Microsoft's Lumia 830
Nov 7, 2014
Microsoft has announced its flagship Windows Phone, the Nokia Lumia 830 4G, will be available in ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1874

Vote
Do you support the abolition of the Office of the Information Commissioner?