The Latest in IT Security

A tool exploiting MS12-020 vulnerabilities


Since the public release of MS12-020 bulletin, there have been plenty of attempts to exploit the Remote Desktop Protocol (RDP) vulnerabilities. Last week, we received a related sample, which turned out to be a tool called ‘RDPKill by: Mark DePalma’ that was designed to kill targeted RDP service.

rdpkill_screenshot1 (24k image)

The tool was written with Visual Basic 6.0, and uses a simple user interface. We tested it on machines running on Windows XP 32-bit and Windows 7 64-bit.

rdpkill_screenshot2 (46k image)

Both of the Windows XP 32-bit and Windows 7 64-bit machines were affected by the Denial of Service (DoS) attack. The service crashed and triggered the Blue Screen of Death (BSoD) condition.

rdpkill_bsod (144k image)

We detect this tool as Hack-Tool:W32/RDPKill.A. (SHA-1: 1d131a5f17d86c712988a2d146dc73367f5e5917).

Besides RDPKill.A, other similar tools and metasploit module can also be found online. Due to their availability, unpatched RDP server would be an easy target of DoS attack by attackers who might be experimenting with these tools.

For those who haven’t patched their system, especially those running RDP service on their machines, we strongly advise you to do so as soon as possible.

Blog post by – Azlan and Yeh

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments