The Inquirer

Sophos warns about a fresh Windows exploit

You were told to patch it
Fri Mar 16 2012, 15:23

SECURITY FIRM Sophos has already found an exploit in the wild for the serious Windows vulnerability that Microsoft warned about earlier this week.

The flaw was disclosed in Microsoft's Patch Tuesday update earlier this week, when Microsoft said that it expected attackers to start exploiting it within 30 days.

"Note that CVE-2012-0002 was privately reported and we are not aware of any attacks in the wild. Additionally, the remote desktop protocol is disabled by default," said Microsoft when it confessed to the critical vulnerability earlier this week.

"However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."

Those 30 days turned out to be just three, as Sophos said that it had uncovered proof of concept code for an attack on Chinese web sites. We've found it as well; it is being circulated on Twitter and has been posted on Reddit.

As Microsoft had earlier this week, Sophos said that users should patch their systems right away. "The hackers worked quickly on this particular vulnerability and we've already seen attempts to exploit the flaw which exists in a part of Windows called the Remote Desktop Protocol (RDP)," said Graham Cluley, senior technology consultant at Sophos.

On his blog at Sophos, Cluley said that the proof of concept, a Python script, could cause Windows to throw up its infamous blue screen of death, and suggested that the authors of the attack are working on something more significant.

"Affected Windows computers will 'blue screen', but I wouldn't be surprised if whoever is writing this code tries to develop the attack further to produce a fast spreading internet worm. Windows users should consider themselves on high alert and harden their defences by patching their PCs as soon as possible, before we see this worm turn even more malicious."

He added that another attack that sounds similar is a hoax. "It references a Python module that doesn't exist (FreeRDP), and claims to be written by sabu@fbi.gov, an obvious reference to the high profile Anonymous hacker who was recently revealed to have been secretly working for the FBI for months," he explained.

"The code doesn't exploit the MS12-020 vulnerability."
