Tuesday, 20 March 2012

Open source group offers bounty for Windows exploit

This past Patch Tuesday, Microsoft called attention to one update in particular: Bulletin MS12-020, which covers a vulnerability in the Remote Desktop Protocol that could allow an attacker to execute arbitrary code on an unpatched machine.

Besides marking the RDP flaw as critical, Microsoft advised that it’s possible that cybercriminals could have a working exploit released into the wild within the next month. That’s a very realistic possibility, with members of a Chinese forum site reportedly having uploaded code earlier this morning.

Another group is actively seeking an exploit. Over at Gun.io, an open source coding community that’s a little bit Kickstarter and a little bit GitHub, they’re offering a reward of around $1,500 for functional code that exploits the Windows RDP flaw. The goal, according to founder Rich Jones, is to “advance the culture of independent software development.”

As security researcher Brian Krebs notes, that’s a pretty humble bounty for a working exploit of such a high-profile Windows flaw, but it’s still sure to get more coders actively hammering away at their keyboards.

Fortunately, there’s already a patch available from Microsoft. If you have automatic updates enabled, you should have already received the fix. If not, you can download it manually from Microsoft. Windows 7, XP, Vista, Server 2003, and Server 2008 are all affected, so if you’re not sure whether or not you’re already protected, play it safe and grab the patch as soon as possible.

Doing so will ensure that your machine is safe regardless of whether or not the bad guys figure out how to get the exploit code prepped for distribution in the coming weeks. You’re not at great risk if the RDP service isn’t running on your system, but better safe than sorry, right?

More at Microsoft and Krebs On Security
