I read about the attack here:
http://aluigi.org/adv/termdd_1-adv.txt
I downloaded this file:
http://aluigi.org/poc/termdd_1.dat
I used an old virtual machine that did not have recent updates, and turned off automatic updates, to prevent it from getting the patch for this exploit.
Then I turned on Remote Desktop in a virtual machine running Windows 7 Professional:
I got the IP address and tested it with a ping:
I ran the attack about 8 times to get the BSOD:
It is not healthy for the target machine!
It could not restart. I forced it to power off, and on the second restart it offered to try System Restore or Startup Repair (it's not clear which it is doing):
Don't test this attack on a machine you love!
As you can see below, I was unable to recover this machine with System Restore, I think I'll have to just discard it and make a copy of another one. This attack killed it!
UPDATE: After all those failed operations, I ran "Startup Repair" again, and the machine came back up!
