World Wide hacking of Microsoft RDP

March 15, 2012

It’s not every day that Microsoft predicts the world-wide hacking of its own software… But they did yesterday.

A recently discovered vulnerability in Microsoft’s Remote Desktop Protocol (sometimes referred to as RDP or Terminal Services) is serious enough to prompt Redmond to drop this little gem in a blog post yesterday:

“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days.”

“Check your exposure to the RDP superbug with RDPCheck.”

‘Code execution’ is I.T. security parlance for ‘doing whatever the heck you like’, meaning a bad guy or a self-propagating worm could use this flaw to gain full access to a vulnerable system and all of its data, without credentials and without any user interaction.

An ‘exploit’ is a malicious program used by the bad guys to get access to your PC or network via this vulnerability. Security researchers, both the good kind and the bad kind, develop exploits specifically for this purpose. While no exploit exists for the RDP superbug right now, rest assured there are literally thousands of hackers across the globe working on it. It’s a matter of time.


What does this mean for Shoe String Startups readers?

As the name implies, Remote Desktop Protocol gives users the ability to access a PC remotely as though they were sitting in front of it.

It’s often used for:

  • Remote access to Windows PCs or servers from outside of the office,
  • Remote administration of Windows networks by IT guys/girls,
  • Providing remote access to service providers (e.g. accountants accessing MYOB installed on a PC in your network),
  • and many others.

Two main threats exist…

  • Once exploit code is developed, the bad guys will start to target publicly exposed RDP services (i.e. they’ll try to get in from the outside).
  • Soon after that, I expect that someone will create a self-propagating worm, which uses this vulnerability to spread rapidly both across the Internet and through networks once inside.

What can I do to protect myself?

  • Check your PC and your network’s exposure to the bug from the Internet using RDPCheck, a free, fast, web-based, non-invasive and totally safe tool that Serg Belokamen and I have put together.
  • Microsoft has released a bunch of recommendations in this blog post and this advisory. Read them and follow them.
  • If you’re still confused and need assistance, my company, the Tall Poppy Group, is available to help. Get in touch via our website.

Like so much of I.T. security, if you just do the simple things right you’ll most likely be fine.

Casey Ellis @caseyjohnellis is an independent security consultant and entrepreneur. He has been in the I.T. Security industry for over 10 years and has worked with clients ranging from corporate and government enterprise to start-ups. He is CEO of the Tall Poppy Group, a strategic consulting firm which is also working on a few ideas of its own…