Navigation
Next Steps
This form does not yet contain any fields.
    IT Security Incident DB, Australia/NZ
    Main | MS REMOTE DESKTOP PROTOCOL SHREDDED (MS12-020) »
    Monday
    Mar192012

    The Search for RDP Hosts (ms12-020) MS SBS Server.

    With a sudden surge in people scanning for RDP ports that are exposed to the internet, one can assume they are building lists of possibly vulnerable hosts waiting for the chance to spring once exploit code comes on board. This of course got me thinking about profiling people most likely running RDP. Several people have been portscanning TCP 3389 but a quick list method is much easier.

    Microsoft Small Business Server = RDP Pain. I came to his conclusion as;

    It's designed to run all critical and sensitive data on one server

    • Has an internet facing design touted by MS
    • Core of most SMB's operations
    • Slower to patch the server possibly, given the liklihood to not have a dedicated IT team.
    • There is 6,000 of them indexed by Google.

    Thats right "Google Dorking" for inurl:/Remote/logon.aspx gives a little over 6,000 entries. Which is a nice way to start a list of vulnerable hosts.

    Please go patch your SBS Server.