Hacklabs has rebranded to Pure Security. Please visit our new website at https://www.pure.security for more information.
Mar 19 2012

The Search for RDP Hosts (ms12-020) MS SBS Server.

With a sudden surge in people scanning for RDP ports that are exposed to the internet, one can assume they are building lists of possibly vulnerable hosts waiting for the chance to spring once exploit code comes on board. This of course got me thinking about profiling people most likely running RDP. Several people have been portscanning TCP 3389 but a quick list method is much easier.

Microsoft Small Business Server = RDP Pain. I came to his conclusion as;

It's designed to run all critical and sensitive data on one server

  • Has an internet facing design touted by MS
  • Core of most SMB's operations
  • Slower to patch the server possibly, given the liklihood to not have a dedicated IT team.
  • There is 6,000 of them indexed by Google.

Thats right "Google Dorking" for inurl:/Remote/logon.aspx gives a little over 6,000 entries. Which is a nice way to start a list of vulnerable hosts.

Please go patch your SBS Server.

Update on Wednesday, March 21, 2012 at 12:25PM by HackLabs

Contact Us