Proof-of-concept malware, developed internally within Microsoft to test a critical vulnerability in Windows’ Remote Desktop Protocol (RDP), has leaked on to the internet.
Last week, Microsoft announced that it had discovered a critical vulnerability in RDP, allowing hackers to install malware without the end user being aware of the attack. It issued a patch closing the vulnerability as part of the most recent Windows Update.
According to TechWorld, the source code to malware taking advantage of the vulnerability, internally developed by Microsoft as a Proof of Concept, has leaked on to a Chinese file hosting site.
SMEs are urged to make sure all their Windows PCs are updated, or at least have Network Level Authentication enabled, and that all security software is up to date.