Sources confirm that attackers are actively exploiting this vulnerability in the wild. As a sign of this, network activity on port 5900/tcp has increased seven-fold in the last four days.
Highly functional exploit code exists in the form of an executable utility that is easily used to compromise vulnerable systems. Administrators are strongly urged to immediately apply other effective mitigations until patch application is complete.
Administrators relying on RealVNC password protection as the sole access method to remote systems are advised to disable all RealVNC servers until they apply the updated versions.
Exploitation of this vulnerability is trivial, and detailed information concerning the issue is available publicly. Because the vulnerability exists during the authentication stage and requires no brute forcing or password knowledge for access, it is likely that exploitation will be a top priority for attackers searching for potential zombie systems.
The level of access gained by the attacker is dependent on the account used to authenticate to Windows and start the RealVNC server.
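To find the servers that need to be disabled or patched first, the following added example (not part of the original advisory) measures the rise in inbound 5900/tcp traffic in perimeter firewall logs and lists internal hosts that external sources were allowed to reach on that port. The log format, the `10.0.0.0/8` internal range and all sample lines are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

VNC_PORT = 5900
INTERNAL = ip_network("10.0.0.0/8")  # assumption: our internal address space

# Constructed sample; hypothetical format: date time action proto src dst dport
SAMPLE_LOG = """\
2024-01-01 03:10:00 DENY TCP 198.51.100.7 10.0.0.5 5900
2024-01-02 04:00:10 DENY TCP 203.0.113.9 10.0.0.5 5900
2024-01-03 01:00:00 DENY TCP 198.51.100.7 10.0.0.5 5900
2024-01-03 01:00:02 ALLOW TCP 198.51.100.7 10.0.0.21 5900
2024-01-03 09:30:00 ALLOW TCP 10.0.0.8 10.0.0.21 5900
2024-01-04 02:00:00 ALLOW TCP 192.0.2.44 10.0.0.21 5900
2024-01-04 02:00:05 DENY TCP 192.0.2.44 10.0.0.5 22
2024-01-04 05:00:00 ALLOW TCP 203.0.113.9 10.0.0.30 5900
2024-01-04 06:00:00 DENY TCP 203.0.113.9 10.0.0.5 5900
"""

def inbound_vnc(log):
    """Yield (date, action, src, dst) for external-to-internal hits on 5900/tcp."""
    for line in log.splitlines():
        f = line.split()
        if len(f) != 7 or f[3] != "TCP" or f[6] != str(VNC_PORT):
            continue
        try:
            src, dst = ip_address(f[4]), ip_address(f[5])
        except ValueError:
            continue  # skip lines with malformed addresses
        if dst in INTERNAL and src not in INTERNAL:
            yield f[0], f[2], str(src), str(dst)

def summarize(log, recent_days=2):
    """Return (recent/baseline daily-average ratio, {exposed host: sources})."""
    daily, exposed = defaultdict(int), defaultdict(set)
    for date, action, src, dst in inbound_vnc(log):
        daily[date] += 1
        if action == "ALLOW":  # the firewall let this connection reach the host
            exposed[dst].add(src)
    days = sorted(daily)  # days with no events are absent from the averages
    base, recent = days[:-recent_days], days[-recent_days:]
    if not base:
        return None, dict(exposed)  # not enough history for a baseline
    avg = lambda ds: sum(daily[d] for d in ds) / len(ds)
    return avg(recent) / avg(base), dict(exposed)

if __name__ == "__main__":
    ratio, exposed = summarize(SAMPLE_LOG)
    print(f"5900/tcp at {ratio:.1f}x baseline; exposed VNC hosts: {sorted(exposed)}")
```

Hosts returned in the second value accepted inbound connections on 5900/tcp from outside the internal range and are the first candidates for disabling the RealVNC server until the updated version is applied.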