Critical RealVNC vulnerability discovered

If you are running RealVNC for remote access you should make sure to upgrade the server software due to a recently discovered critical vulnerability. This is especially true if the VNC machine is available on the standard port and without VPN requirements.

“Using the following method, it is trivial to gain access to any RealVNC server without knowing the password. This allows full control of the target machine, with privilege levels equalling that of the user under which the RealVNC server runs – often full Administrator access on Windows desktops.”

Full article on securityfocus.com: RealVNC 4.1.1 Remote Compromise

Published by

lekkim

Positive, competent, out-spoken, frank and customer focused architect and developer with a strong foundation in web, cloud and product development. I'm a strong advocate for API first and cloud based solutions and development. I have a knack for being able to communicate and present technically complicated matters in conference, customer and training settings. I've previously acted as team member and leader in a product organisation.