MAC-NETHow toNetwork SecurityVirus ProtectionSpyware ProtectionDownloadReferenceContact
 

Do more with FirefoxNEW

5 Top security flaw found in corporate networks

Alert: Apple Security Bulletin

Alert: MS Security Bulletins

Alert: MS Security Tips

Browser crash test

Critical Alert

Firewall

Firewall on fire!

Hoaxes: E-mail

Internet Protocol Network Camera Surveillance

Mail relay test

Network Setup Checklist

Network Worms

On-line Privacy

Process - OK

Process - Bad & Ugly

Rootkits

Rotten Cookies

TCP Holed

TCP Port

TCP Port ~ 1024

TCP Port ~ 1352

TCP Port ~ 2500

TCP Port ~ 65301

TCP Port Scan

Web Security
Home » Network Security » Alert: MS Security Bulletins » Aug 2005 OS Security Bulletin » 

Microsoft Security Advisory (904797) MS05-041

Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service was published on 16 July 2005. Solution was published in Security Bulletin MS05-041 on 9 August 2005.

A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP. Services with RDP include Terminal Services in Windows 2000 and Windows Server 2003, and Remote Desktop Sharing and Remote Assistance in Windows XP. Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol.

RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.

The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory.

Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute did notice an increase in port scanning activity on the network port used by RDP. That could be a sign that hackers are trying to look for targets.

Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.

Affected Software are Microsoft Windows 2000 Server Service Pack 4, Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2, Microsoft Windows XP Professional x64 Edition, Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Windows Server 2003 x64 Edition.

Non-Affected Software are Microsoft Windows 2000 Professional Service Pack 4, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).
 

commentPost your comment 
Mail this pageMail this page


© 2004-2008. All Rights Reserved.