Skip to main content

443 bytes is all it takes to remotely DoS RDP installations

posted onMarch 19, 2012
by l33tdawg

stratsec security researcher Sergei Shevchenko, has put together an indepth blog posting on the MS12-020 RDP vulnerability, showing that a mere 443 byte payload is all it would take to crash remote installations with a Blue Screen of Death. 

Shevchenko compared the updated system files including Rdpcore.dll and RdpWD.sys to determine the exact code changes made and found modifications of the function HandleAttachUserReq(). Using this information, he went on to construct a 443 byte payload using the original packet crash provided by Luigi Auriemma.  

While the exploit currently allows for only a DoS situation, it's still pretty severe considering it wouldn't take much for an attacker to feed a list of vulnerable IPs to Shevchenko's script. The real 'fun' however, is going to happen when someone turns this DoS into full blown code-execution.

Source

Tags

Security Microsoft Networking

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th