Hackers post bounty for RDP exploit

By on
Hackers post bounty for RDP exploit

HD Moore chips in for Metasploit module.

The race appears to be on to develop a working exploit for a serious Windows vulnerability patched earlier this week by Microsoft.

The bug in Remote Desktop Protocol (RDP), which allows for the remote connection to other computers, enables an uncredentialed attacker to access and install malicious code on a machine running the tool, if it does not have network-level authentication enabled.

"That's obviously much more serious than a vulnerability which relies upon a user to click on an attachment, or be tricked into running a piece of code," Graham Cluley, senior technology consultant at security firm Sophos, wrote in a blog post on Wednesday.

Microsoft has said it expects a successful exploit to be developed within a month because of "the attractiveness" of the vulnerability to criminals.

Security experts are particularly concerned about the flaw because it affects all Windows versions and could give rise to a worm. Last year, the Morto worm spread, and provided an example of what can happen when there is a weakness in RDP.

So far, however, Microsoft has not seen any public exploit code or active attacks.

But, according to Russian security firm Positive Technologies, working code already has appeared on a Chinese forum, though the link provided no longer is functional.

And blogger Brian Krebs pointed out that a bounty has been posted on developer site Gun.IO, funded in part by Metasploit creator HD Moore. 

A Microsoft spokesperson could not immediately be reached for comment.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:
In Partnership With

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?