Description: We've all heard about the MS12-020 remote code execution vulnerability discovered in the MS RDP service. Interestingly, MS estimated around 30 days for an exploit to appear, but a raw PoC appeared within hours. Luigi Auriemma, the Italian researcher who discovered the vulnerability, analyzed the PoC and, to his surprise, found that it contained the code he had sent to ZDI and Microsoft. The blame game seems to have started over who leaked it.
More on this:
http://arstechnica.com/business/news/2012/03/suspicions-arroused-as-exploit-for-critical-windows-bug-is-leaked.ars
http://aluigi.org/adv/ms12-020_leak.txt
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
This speak up idea is really awesome. Everyone can share their ideas and voices on security-related topics.
MS12-020 already has multiple PoCs out there, and the PoCs work fine. Looking forward to seeing the exploit in Metasploit or other frameworks.
Awesome! I really think that everyone screwed up here. Wonder how many servers must have been r00ted with this 0Day. Happy I stopped using Windows as servers :) In the hosted environment, RDP is MANDATORY! I am sure 100s of servers must have been hacked by now.
Great video Vivek sir. Well, I am not good at this kind of speak up, but as neo said, awesome idea :) Really, this will help a lot to learn more and more about security :D, and yeah, gonna try this remote code execution vuln now :D, thanks
Fantastic video Vivek, and what a great idea to engage the community. I especially liked the "Trusted Partner" comments.
Funny that just about anyone with 10,000+ MS deployments could apply for a "trusted partner" position :)
Great idea!
aaaaand the DoS made it into the framework... I guess nobody has an arbitrary execution that they value at $1500 USD
In all fairness, $1500 for the remote execution exploit is not even pocket change :) If anyone had it, they would probably use it or sell it to a govt.
Hi guys,
I've got some code in Ruby, but I don't know how to stuff it into Metasploit. Is there any tutorial on how to create a new module? I've never done such a thing before.
Sorry for my script kiddie mentality
ahhhhhh I've been a noob, ignore my post
The thing that scares me most are the ones we DON'T know about. How many years have some people had access to our computers that we don't know anything about?