| ||Thread Tools|
|19th July 2005, 00:05||#1|
Join Date: Mar 2004
Windows flaw reaches beyond XP
A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP.
Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday.
RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.
The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. Microsoft confirmed the issue on Friday and published the advisory over the weekend.
Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute on Saturday did notice an increase in port scanning activity on the network port used by RDP. That could be a sign that hackers are trying to look for targets.
While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory.
Services with RDP include Terminal Services in Windows 2000 and Windows Server 2003, and Remote Desktop Sharing and Remote Assistance in Windows XP.
Until a patch is available, Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.
Opteron 165 (2) @2.85 1.42 vcore AMD Stock HSF + Chill Vent II
|Thread||Thread Starter||Forum||Replies||Last Post|
|Microsoft warns of TLS/SSL flaw in Windows||jmke||WebNews||0||10th February 2010 13:28|
|175 Windows 7 Tweaks, Tips, and How-To Articles||jmke||WebNews||2||23rd October 2009 14:00|
|Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch||jmke||WebNews||0||14th April 2009 18:47|
|Microsoft Security Bulletin Summary for September 2008||jmke||WebNews||0||9th September 2008 19:20|
|Microsoft Security Bulletin Summary for August 2007||jmke||WebNews||0||14th August 2007 22:21|
|IE flaw puts Windows XP SP2 at risk||Sidney||WebNews||3||6th February 2007 17:25|
|Cybercrooks add Windows flaw to arsenal||jmke||WebNews||0||2nd October 2006 10:08|
|Microsoft Security Bulletin Summary for June 2006||jmke||WebNews||0||14th June 2006 20:51|
|Windows Firewall flaw may hide open ports||Sidney||WebNews||0||2nd September 2005 05:55|
|List of fixes included in Windows XP Service Pack 2||jmke||WebNews||1||17th August 2004 15:03|