Microsoft has released software updates for Windows XP and 2003 to patch what it believes to be an easy-to-exploit vulnerability in Remote Desktop Services. The most troubling part of this vulnerability is that it can be exploited with no user interaction. If an attacker successfully exploited this vulnerability not only could they view, change, or steal data, they could also install harmful programs and even create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP. Because of this, only systems accessible via Remote Desktop are vulnerable.
If you have Windows XP or 2003 systems on your organization’s network, your organization is vulnerable to this attack.