BleepingComputer.com: Windows XP SP2 vulnerability - Remote Desktop

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Windows XP SP2 vulnerability - Remote Desktop

#1 User is offline   harrywaldron 

  • Security Reporter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender:Male
  • Location:Roanoke, Virginia

  Posted 15 July 2005 - 05:39 AM

Quote

badpack3t announced the discovery of a so far unpatched vulnerability in Windows XP SP2. The vulnerability in due to a flaw in the remote desktop assistant. This service is NOT FIREWALLED in XP SP2's default firewall configuration.

badpack3t was able to cause a blue screen. However, there is a chance that this could be used to execute code remotely.

RDP uses port 3389 TCP. In one MSFT document, 3389 UDP is mentioned, but we could not verify that RDP listens on 3389 UDP.

Our sensors did see a slight increase in port 3389 TCP scanning starting about two weeks ago. The increase is small, and somewhat consistent with a small number of new scanners.


The remote desktop assistant should be turned off if it is not needed. This only applies to XP SP2 and you can do this by:

1. Right mouse clicking on My Computer, selecting Properties
2. Then select the Remote tab.
3. From there you can uncheck options to turn off the Remote Assistant capabilities if they are not needed.

More links below:

Windows XP SP2 vulnerability - Remote Desktop Assistant

Secunia Advisory on DoS potential

Immunity Security Notice
Microsoft Security Journal

#2 User is offline   harrywaldron 

  • Security Reporter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 509
  • Joined: 10-April 04
  • Gender:Male
  • Location:Roanoke, Virginia

Posted 17 July 2005 - 05:39 AM

Microsoft Advisory on the Vulnerability in RDP

Microsoft has released a security advisory on the vulnerability in Remote Desktop Protocol (RDP). Their initail investigation has confirmed the DoS vulnerability. Services that utilize RDP are not enabled by default, but Remote Desktop is enabled by default on Windows XP Media Center Edition. The advisory has provided the following workarounds:

* Block TCP port 3389 at the firewall.
* Disable Terminal Services or the Remote Desktop feature if they are not required.
* Secure Remote Desktop Connections by using an IPsec policy.
* Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.
Microsoft Security Journal

#3 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,506
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 18 July 2005 - 01:56 PM

Quote

Microsoft Rushes to Fix Critical XP Flaw
By Nate Mook, BetaNews
July 18, 2005, 2:01 PM

Microsoft is rushing to patch a critical flaw in the Windows Remote Desktop Service, which affects fully updated Windows XP machines. The problem could be exploited by an attacker to cause a denial of service attack that crashes the PC with a Windows "blue screen of death."

Microsoft was informed of the flaw on May 4, and plans to issue a patch in its August security bulletin. The problem was discovered by Security Protocols, which posted a screenshot of a system being crashed.

betanews.com
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users