Proof-of-concept code has surfaced on several Chinese websites targeting the recently patched Windows Remote Desktop Protocol (RDP) vulnerabilities, consistent with security researchers and antimalware vendors that track new exploit code.
Microsoft Security Research and Defense blog.“Developing a working exploit aren't trivial â€" we'd be surprised to look one developed within the following couple of days,†the MSRC engineers said. “However, we predict to determine working exploit code developed throughout the next 30 days.â€
The proof-of-concept code appears to make a Windows system crash. Some security experts say it is the first step before an attacker creates a network worm.
For users of Windows Vista, Server 2008, Win7 and Server 2008 R2 systems, Microsoft has issued a one-click, no-reboot fix which will mitigate the problem. The update would enable Network-Level Authentication, preventing an attacker from targeting the vulnerabilities without credentials.
“We strongly recommend that consumers examine and get ready to use this bulletin once possible,†wrote Angela Gunn, a spokesperson with Microsoft Trustworthy Computing.
Nessun commento:
Posta un commento
Comments links could be nofollow free