Windows XP SP2 vulnerability - Remote Desktop



#1 harrywaldron


Posted 15 July 2005 - 05:39 AM

badpack3t announced the discovery of a so far unpatched vulnerability in Windows XP SP2. The vulnerability is due to a flaw in the remote desktop assistant. This service is NOT FIREWALLED in XP SP2's default firewall configuration.

badpack3t was able to cause a blue screen. However, there is a chance that this could be used to execute code remotely.

RDP uses port 3389 TCP. In one MSFT document, 3389 UDP is mentioned, but we could not verify that RDP listens on 3389 UDP.

Our sensors did see a slight increase in port 3389 TCP scanning starting about two weeks ago. The increase is small, and somewhat consistent with a small number of new scanners.


The remote desktop assistant should be turned off if it is not needed. This only applies to XP SP2 and you can do this by:

1. Right mouse clicking on My Computer, selecting Properties
2. Then select the Remote tab.
3. From there you can uncheck options to turn off the Remote Assistant capabilities if they are not needed.

More links below:

Windows XP SP2 vulnerability - Remote Desktop Assistant

Secunia Advisory on DoS potential

Immunity Security Notice



#2 harrywaldron


Posted 17 July 2005 - 05:39 AM

Microsoft Advisory on the Vulnerability in RDP

Microsoft has released a security advisory on the vulnerability in Remote Desktop Protocol (RDP). Their initial investigation has confirmed the DoS vulnerability. Services that utilize RDP are not enabled by default, but Remote Desktop is enabled by default on Windows XP Media Center Edition. The advisory has provided the following workarounds:

* Block TCP port 3389 at the firewall.
* Disable Terminal Services or the Remote Desktop feature if they are not required.
* Secure Remote Desktop Connections by using an IPsec policy.
* Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.
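
Added example (not part of the original posts or of any advisory): a host-side check for the workarounds above that parses `netstat -an` output and reports whether anything is bound to local port 3389 on TCP or UDP, the two ports discussed in the first post. The sample output, addresses and function names are constructed for illustration.

```python
RDP_PORT = 3389  # port named in the thread

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      192.168.1.77:4112      ESTABLISHED
  TCP    192.168.1.20:1045      203.0.113.9:3389       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.20:123       *:*
"""

def parse_netstat(text):
    """Yield (proto, local_ip, local_port, remote, state) for each socket line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated output
        ip, _, port = parts[1].rpartition(":")  # also handles "[::]:3389"
        if port.isdigit():
            state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
            yield parts[0], ip, int(port), parts[2], state

def rdp_exposure(text, port=RDP_PORT):
    """Classify sockets whose LOCAL port is the RDP port."""
    found = {"tcp_listeners": [], "udp_bound": [], "inbound_sessions": []}
    for proto, ip, lport, remote, state in parse_netstat(text):
        if lport != port:
            continue  # e.g. an outbound client connection to someone else's 3389
        if proto == "UDP":
            found["udp_bound"].append(ip)
        elif state == "LISTENING":
            found["tcp_listeners"].append(ip)
        elif state == "ESTABLISHED":
            found["inbound_sessions"].append(remote)
    return found

def listens_beyond_loopback(found):
    """True if any TCP listener is bound to a non-loopback address."""
    return any(not ip.startswith("127.") and ip != "[::1]"
               for ip in found["tcp_listeners"])

if __name__ == "__main__":
    print(rdp_exposure(SAMPLE_NETSTAT))
```

An empty `tcp_listeners` list after disabling Remote Desktop confirms the service is no longer bound; it says nothing about the firewall, so the port-blocking workaround still has to be verified from another machine on the network.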

#3 quietman7


Posted 18 July 2005 - 01:56 PM

Microsoft Rushes to Fix Critical XP Flaw
By Nate Mook, BetaNews
July 18, 2005, 2:01 PM

Microsoft is rushing to patch a critical flaw in the Windows Remote Desktop Service, which affects fully updated Windows XP machines. The problem could be exploited by an attacker to cause a denial of service attack that crashes the PC with a Windows "blue screen of death."

Microsoft was informed of the flaw on May 4, and plans to issue a patch in its August security bulletin. The problem was discovered by Security Protocols, which posted a screenshot of a system being crashed.

betanews.com



