Tuesday, March 20, 2012

MS RDP Advisory Issued by ICS-CERT

Yesterday the DHS ICS-CERT issued a short, very-understated advisory about the Microsoft Remote Desktop Protocol (RDP) memory corruption vulnerability. They note that while this is not an ICS specific vulnerability, that it will almost certainly have a major impact on ICS security because of the widespread use of RDP in control systems applications. The vulnerability was reported in a coordinated disclosure by Luigi (almost certainly his most important vulnerability report to date in his prolific career) through the ZDI program. Luigi’s proof-of-concept exploit code was leaked, apparently as part of the MS information sharing process.

The vulnerability would allow a relatively low skilled attacker to use publicly available exploit code to remotely attack a system to cause a ‘blue-screen of death’ (the ultimate DOS attack) or execute arbitrary code. Microsoft does have a patch available (and distributed on their automated system).

There are all sorts of interesting side stories about this particular vulnerability and we will certainly be hearing more about MS 12-020 in the future.

No comments:

/* Use this with templates/template-twocol.html */