badpack3t announced the discovery of a so far unpatched vulnerability in Windows XP SP2. The vulnerability is due to a flaw in the remote desktop assistant. This service is NOT FIREWALLED in XP SP2's default firewall configuration.
badpack3t was able to cause a blue screen. However, there is a chance that this could be used to execute code remotely.
RDP uses port 3389 TCP. In one MSFT document, 3389 UDP is mentioned, but we could not verify that RDP listens on 3389 UDP.
Our sensors did see a slight increase in port 3389 TCP scanning starting about two weeks ago. The increase is small, and somewhat consistent with a small number of new scanners.
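To run the same check against your own perimeter, the following added example (not part of the original diary) counts distinct sources probing 3389 TCP per day and lists the ones not seen on earlier days. It assumes a firewall log in the Windows Firewall text layout, with columns named by a `#Fields:` header; the log lines, addresses, dates and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2005-07-01 09:12:01 DROP TCP 198.51.100.7 192.0.2.10 4021 3389 48 S
2005-07-01 09:12:04 DROP TCP 198.51.100.7 192.0.2.11 4022 3389 48 S
2005-07-01 10:40:13 DROP UDP 203.0.113.9 192.0.2.10 1026 3389 60 -
2005-07-01 11:02:55 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - -
2005-07-02 03:15:30 DROP TCP 198.51.100.7 192.0.2.10 4100 3389 48 S
2005-07-02 03:16:02 DROP TCP 203.0.113.44 192.0.2.10 2201 3389 48 S
"""

def rdp_sources_by_day(log_text, port="3389", proto="TCP"):
    """Return {date: set(src-ip)} for records aimed at proto/port."""
    fields, by_day = [], defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the log itself, so layout changes are tolerated.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        # Only TCP is counted; the UDP record above is ignored.
        if rec.get("protocol") == proto and rec.get("dst-port") == port:
            by_day[rec["date"]].add(rec["src-ip"])
    return dict(by_day)

def new_sources_by_day(by_day):
    """Return {date: sorted sources not seen on any earlier date}."""
    seen, result = set(), {}
    for day in sorted(by_day):
        result[day] = sorted(by_day[day] - seen)
        seen |= by_day[day]
    return result

if __name__ == "__main__":
    by_day = rdp_sources_by_day(SAMPLE_LOG)
    for day, new in new_sources_by_day(by_day).items():
        print(day, "sources:", len(by_day[day]), "new:", new)
```

A rising count of new sources per day, rather than more packets from known ones, is the pattern described above as "a small number of new scanners".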
The remote desktop assistant should be turned off if it is not needed. This applies only to XP SP2. To turn it off:
1. Right-click My Computer and select Properties.
2. Select the Remote tab.
3. Uncheck the options there to turn off the Remote Assistant capabilities if they are not needed.
More links below:
Windows XP SP2 vulnerability - Remote Desktop Assistant
Secunia Advisory on DoS potential
Immunity Security Notice