Aug 2005 OS Security Bulletin:
MS05-043 - Vulnerability in Print Spooler Service Link 
MS05-042 - Vulnerabilities in Kerberos Link 
MS05-041 - Vulnerability in Remote Desktop Protocol Link
MS05-040 - Vulnerability in Telephony Service Link
MS05-039 - Vulnerability in Plug and Play [Zotob Virus] Link
MS05-038 - Cumulative Security Update for Internet Explorer Link

Jul 2005 OS Security Bulletin:
MS05-037 - Vulnerability in JView Profiler Link
MS05-036 - Vulnerability in Microsoft Color Management Module Link
MS05-035 - Vulnerability in Microsoft Word Link

Jun 2005 OS Security Bulletin:
MS05-034 - Cumulative Security Update for ISA Server 2000 Link
MS05-033 - Vulnerability in Telnet Client Link
MS05-032 - Vulnerability in Microsoft Agent Link
MS05-031 - Vulnerability in Step-by-Step Interactive Training Link
MS05-030 - Vulnerability in Outlook Express Link
MS05-029 - Vulnerability in Outlook Web Access for Exchange Server Link
MS05-028 - Vulnerability in Web Client Service Link
MS05-027 - Vulnerability in Server Message Block Link
MS05-026 - Vulnerability in HTML Help Link
MS05-025 - Cumulative Security Update for Internet Explorer Link

Microsoft Security Advisory (904797) MS05-041

Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service was published on 16 July 2005. Solution was published in Security Bulletin MS05-041 on 9 August 2005.

A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP. Services with RDP include Terminal Services in Windows 2000 and Windows Server 2003, and Remote Desktop Sharing and Remote Assistance in Windows XP. Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol.

RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.

The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory.

Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute did notice an increase in port scanning activity on the network port used by RDP. That could be a sign that hackers are trying to look for targets.

Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.

Affected Software are Microsoft Windows 2000 Server Service Pack 4, Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition.

Non-Affected Software are Microsoft Windows 2000 Professional Service Pack 4, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).
 

 Post your comment