Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

RealVNC 4.1.1 and prior exploits on the loose

As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know), RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn't indicate 4.1.0 to be vulnerable.) Don't take the last sentence to give an excuse NOT to check, check if you have updates for your vnc product. Here are some samples from incidents.org...
Austin from the UK reports that all shared printers in his office stated to print: Dear Network Administrator.

Please do not be alarmed.

My team is network security specialist.

You are using a vulnerable version of VNC.

Please upgrade your version soon.

We have not accessed your data but we could have.

Have a nice day

The intrusion reportedly happened on a workstation where a visitor left a VNC server running.

He notes that "RealVNC logs all connection IP addresses in the event manager which some people didn't know".

An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.

Update....