Storms and Miller agreed that that first wave will be, as Miller put it, a "scattershot" style attack where hackers use search engines and port sniffing to find as many RDP-enabled machines as possible. Later, targeted attacks aimed at administrators' PCs -- which they use to remotely manage their companies' data servers -- or those launched from bots already inside a network, seem likely.
Microsoft downplayed the threat to some degree, saying both in the MS12-020 bulletin and in the SRD blog that RDP was not turned on by default in any supported version of Windows.
Miller thought that was misleading. "I'm a little concerned that Microsoft is implying that RDP is not commonly used," said Miller. "It's used by server administrators and help desks.... It's a really good technology ... and enabled on a lot of corporate networks."
Storms pitched in as well.
"RDP is the way to remotely manage your servers," said Storms. "Let's be honest, it's enabled more often than not, and [switched on] on virtually every server."