F-Secure’s blog is reporting about a tool that exploits MS12-020 vulnerabilities.
Since the public release of Microsoft’s MS12-020 bulletin , there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol(RDP). Recently, a new tool appeared called “RDPKill by: Mark DePalma” that was designed to kill targeted RDP service.
The tool was written with Visual Basic 6.0, and has a simple user interface.
Both the Windows XP 32-bit and the Windows 7 64-bit computers are affected by the Denial of Service (DoS) attack. The service can crash and trigger a “Blue Screen of Death” (BSoD)…(the error screen seen when Windows crashes).
Some anti-virus engines are detecting this tool as Hack-Tool:W32/RDPKill.A. (SHA-1: 1d131a5f17d86c712988a2d146dc73367f5e5917).
Besides RDPKill.A, other similar tools and Metasploit modules can also be found online. Due to their availability, an unpatched RDP server would be an easy target of DoS attack by attackers who might be experimenting with these tools.
For those who still haven’t patched their system, especially those running RDP service on their machines, we strongly advise that you to do so as soon as possible.