Brian Krebs of Krebs on Security just posted an article on RDP hacks that exploit weak or default login credentials, and goes on to describe how that provides the basis for a cybercrime business. His article explains that Makost[dot]net rents access to more than 6000 poorly configured and, therefore, compromised Remote Desktop Protocol (RDP)-enabled servers around the globe. As Krebs says, “…the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password.” It’s a classic brute-force attack and it’s aimed directly at an extremely weak target.
Many people on first reading this would consider this capability a “vulnerability” of Windows, but that’s like saying that an automated teller machine (ATM) has a “vulnerability” that allows you to get cash from your bank account. It’s a feature of the operating system and Windows is not alone in exposing functionality like it.