It's like the Telnet incident from last year multiplied by 200

Mar 19, 2012 16:03 GMT

Since it became obvious that fully functional exploit code for the Remote Desktop Protocol (RDP) is available, a researcher scanned part of the Internet to determine how many computers communicate using RDP.

Security researcher Dan Kaminsky scanned around 300 million IPs, of which around 414,000 turned out to be potentially exposed to a large-scale attack. Since 300 million IPs represents approximately 8% of the entire Web, the simple conclusion is that up to 5 million devices may be exposed worldwide.

Of course, if they communicate using RDP, that doesn’t necessarily mean they are susceptible because a certain percentage may be patched up and some of them may not even run Microsoft operating systems, but still, the potential number of victims is enormous.

“There’s something larger going on, and it’s the relevance of a bug on what can be possibly called the Critical Server Attack Surface,” Kaminsky wrote on his blog.

“Not all bugs are equally dangerous because not all code is equally deployed. Some flaws are simply more accessible than others, and RDP — as the primary mechanism by which Windows systems are remotely administered — is a lot more accessible than a lot of people were aware of.”

The expert compares the situation to the one that occurred last year when a vulnerability was identified in Telnet. The number of potential victims was high, but the 20,000 devices that were estimated as being susceptible at the time cannot be compared to the millions from this scenario.

Microsoft and other security solutions providers have been urging consumers and network administrators to update their operating systems right from the day when the patch was released.

While large companies that have a dedicated IT staff may have taken this advisory very seriously, smaller businesses and individuals tend to neglect the update processes, as studies constantly demonstrate.