Windows flaw reaches beyond XP

Iria · Jul 18, 2005, 09:54 PM

A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP.

Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday.

RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.

The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. Microsoft confirmed the issue on Friday and published the advisory over the weekend.

Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute on Saturday did notice an increase in port-scanning activity on the network port used by RDP, which could be a sign that hackers are trying to look for targets.

While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory.
__________
Read More / Source: News.com

The_Neon_Cowboy · Jul 18, 2005, 10:08 PM

"While most Windows versions ship with RDP services disabled"

I think the meant enabled unless thier not talking about XP

FDM80 · Jul 18, 2005, 11:12 PM

Well, I remote desktop to my home computer from my computer at work. It's a great way to do what you need to do without having to deal with "doing stuff on a work computer you shouldn't." If push comes to shove, you can actually change the port RDP uses. I believe it's just a matter of changing a registry key, or something like that. If you are being hit on the port, you can just change it. That would be a temporary bandaid until an actual patch is issued.

nForcer · Jul 19, 2005, 01:00 AM

I, for one, am actually quite suprised it took this long for something serious to affect the method of Remote Desktop. I also wonder if Terminal Services is affected as well.

Jul 18, 2005, 09:54 PM	#1
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 89	Windows flaw reaches beyond XP A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP. Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday. RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said. The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. Microsoft confirmed the issue on Friday and published the advisory over the weekend. Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute on Saturday did notice an increase in port-scanning activity on the network port used by RDP, which could be a sign that hackers are trying to look for targets. While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory. __________ Read More / Source: News.com

Jul 18, 2005, 10:08 PM	#2
The_Neon_Cowboy HardwareHeaven Extreme Member Join Date: Dec 2002 Location: U.S.A. Posts: 16,009 Rep Power: 92 System Specs	"While most Windows versions ship with RDP services disabled" I think the meant enabled unless thier not talking about XP __________________

Jul 18, 2005, 11:12 PM	#3
FDM80 DriverHeaven Lover Join Date: Mar 2003 Location: Silver Spring, MD Posts: 136 Rep Power: 0	Well, I remote desktop to my home computer from my computer at work. It's a great way to do what you need to do without having to deal with "doing stuff on a work computer you shouldn't." If push comes to shove, you can actually change the port RDP uses. I believe it's just a matter of changing a registry key, or something like that. If you are being hit on the port, you can just change it. That would be a temporary bandaid until an actual patch is issued. __________________ Verizon FIOS rules!

Jul 19, 2005, 01:00 AM	#4
nForcer Twice the fun! Join Date: Jul 2002 Posts: 1,404 Rep Power: 0	I, for one, am actually quite suprised it took this long for something serious to affect the method of Remote Desktop. I also wonder if Terminal Services is affected as well.