Proof-of-concept RDP vulnerability code discovered. Patch Windows now

Alert. Image from ShutterstockSophosLabs has seen proof-of-concept code on Chinese websites which tries to exploit the recently announced Microsoft RDP vulnerability, causing computers to crash.

The critical vulnerability exists in Windows, and could be exploited to spread a worm automatically between vulnerable computers.

The advice from Microsoft and Sophos is to patch your copies of Windows as soon as possible, and Microsoft warned earlier this week that it expected malicious hackers to exploit the flaw within 30 days.

Well, that’s already happening. The code we’ve seen – in the form of Python scripts – attempts to exploit the MS12-020 RDP vulnerability and causes Windows computers to blue screen. It wouldn’t be a surprise if whoever is writing this code to further develop the attacks to produce a fast-spreading internet worm.

Sign up to our free newsletter.
Security news, advice, and tips.

As a result, Windows users should consider themselves on high alert and harden their defences. Microsoft has discussed the patch, and other ways to mitigate the threat, in a blog post.

Sophos is adding detection of the script we have seen as Troj/PyRDP-A.

Fake exploits for the Microsoft RDP vulnerability

Meanwhile, we have also seen what claims to be the Python script of a worm that exploits the RDP exploit.

Fake worm for exploiting Microsoft RDP flaw

The script, however, appears to be a hoax. It references a Python module that doesn’t exist (FreeRDP), and claims to be written by [email protected], an obvious reference to the high profile Anonymous hacker who was recently revealed to have been secretly working for the FBI for months.

The code doesn’t exploit the MS12-020 vulnerability.

Of course, if anyone is any doubt, there’s about as much chance of that script being written by Sabu (real name Hector Xavier Monsegur) as I have of being named the next “Doctor Who”.

Okay, stop being amused by that and patch your Windows computers now against the RDP vulnerabilty.


Image of alert sign courtesy of Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.