Monday, 9 December 2013
Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020) - Validating the Findings
Results from Qualys Scan
Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020)
The Remote Desktop feature in Windows enables access to all of the programs, resources and accessories on a user's computer from a second Windows-based computer.
A remote code execution vulnerability exists in the way the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted (CVE-2012-0002).
A denial of service vulnerability exists in the way the Remote Desktop Protocol service processes packets. An attacker who successfully exploited this vulnerability could cause the target service to stop responding (CVE-2012-0152).
Successfully exploiting these vulnerabilities might allow a remote attacker to execute arbitrary code or cause a denial of service.
Validating the Findings:
Using NMAP to verify the Vulnerability
#nmap -sV -p 3389 --script rdp-vuln-ms12-020 <IP>