A working exploit has been found for MS12-020 RDP flaw

A vulnerability found in Microsoft’s Remote Desktop Protocol (RDP) implementation (MS12-020) – the patch was released this tuesday - was flagged as critical enough to make a quick implementation of the patch, because almost everybody thought that an exploit for this vulnerability shall appear in less than 30 days.

Actually it took only one day for an exploit of MS12-020 to become available for download.

As Threatpost stated, the working exploit for MS12-020 became available on a Chinese download website and the engineers who  analyzed it said that indeed it would triggers a blue-screen-of-death on desktops and laptops running Windows 7 and a DoS condition on computers with Windows XP.

It might be a surprise that in such a short time a working exploit has become availabe for download but this might have a solid explanation: the code found in the exploit from the Chinese download website contained the same packet that Luigi Auriemma – the researcher that first found this flaw and sent it to TippingPoint’s Zero Day Initiative together with details about this vulnerability.

This packet and the details were finally sent to Microsoft, and in the end were shared with the staff of Microsoft Active Protection Program (MAPP). MAPP is a small group of companies that activate in the field of network security that are informed before Patch Tuesday in order to integrate defens packacges against the exploits in their software.

Unfortunatelly it is not known from where was this information leaked and why, but Auriemma looks very sure that it is his PoC code for MS12-020, so he has published it for download on his page.