Joe’s Garage (SMB): Most Likely to be Pwned by RDP

Last week, we advised readers to apply Microsoft update MS12-020 sooner than later. For those of you that have — good work. And if you haven’t yet applied the patch — stop delaying.

Ever since MS12-020 was released, there’s been a flurry of activity attempting to “weaponize” the Remote Desktop Protocol (RDP) vulnerability. The race to an exploit is on and is in top gear. Lab Analyst Timo Hirvonen is tracking the situation on his Twitter account.

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol.
Microsoft Security Bulletin MS12-020 – Critical

So… just how many computer could be affected by this RDP bug?

Well, researcher Dan Kaminsky scanned the Internet and estimates that there are millions of computers that are exposed.

Extrapolating from this sample, we can see that there's approximately five million RDP endpoints on the Internet today.
RDP and the Critical Server Attack Surface

What do you need to do?

Lenny Zeltser offers the following advice.

Understand what systems in your environment expose RDP to the Internet. Create a plan to apply the MS12-020 as soon as practical.
The Risks of Remote Desktop for Access Over the Internet

A good portion of our (enterprise) readership has probably already started taking action on this issue.

Consumers (home users) don’t generally have RDP enabled.

So… what does that leave us? Small and medium businesses.

As Casey John Ellis points out, Remote Desktop is very often enabled by outsourced IT contractors, and the small business owners may not have any idea that it’s enabled.

RDP is usually enabled by I.T. contractors without explanation to the business owner
Why Small/Medium Businesses are at the Greatest Risk from the New Microsoft RDP Bug

We have to agree with Ellis, small and medium business are at significant risk. Fortunately, Ellis and a friend have offered a helpful tool that a small business owner could use to access risk: RDPCheck.

To use RDPCheck, visit From there, you can initiate a scan for vulnerabilities on your IP address.

On 19/03/12 At 11:54 AM

Read more: Joe’s Garage (SMB): Most Likely to be Pwned by RDP

Story added 19. March 2012, content source with full text you can find at link above.