Posted on 07/18/2005 4:38:07 PM PDT by familyop
A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP.
Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday.
RDP is a protocol that enables remote access to Windows systems. Because of a flaw in the way Windows handles remote desktop requests, an attacker could crash a PC by sending a malformed remote request, Microsoft said.
The advisory was released after the security researcher who discovered the flaw last week flagged Windows XP as vulnerable. Microsoft confirmed the issue on Friday and published the advisory over the weekend.
Microsoft said it is working on a patch, but noted that it is not aware of any attacks that try to exploit the vulnerability. However, security experts at The SANS Institute on Saturday did notice an increase in port scanning activity on the network port used by RDP. That could be a sign that hackers are trying to look for targets.
While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition. Only computers using services that have RDP enabled are vulnerable, Microsoft said in its advisory.
Services with RDP include Terminal Services in Windows 2000 and Windows Server 2003, and Remote Desktop Sharing and Remote Assistance in Windows XP.
Until a patch is available, Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.
So just close 3389 at the firewall.
Oh look, another serious flaw in Windows!
Nah! They didn't call me for a whole year, and I've got them stabilized in the recovery room right now.
I need to freak them out with the rate hike first anyway...LOL!
IOW, there are about six people in the world who might be vulnerable and not know it.
off topic,
do you get more attempts on your ports while on free republic?
looking at my firewall log seems to indicate so.
Time for the weekly MS bashing session. Will all the usual suspects report to this thread immediately.
How soon before someone uses the Micro$oft spelling?
Alert!
I noticed the same thing.
It looks like your computer is safe if you have upgraded to Win9x. I'm a little surprised by Win2K on the list, however, since Microsoft ususally has most of the holes patched 5 years out.
You mean it isn't spelled that way? BTW, you just used it!
LOL... Funny thought, what do you want to bet that M$ has actually has a tradmark that spelling?
"Time for the weekly MS bashing session."
Hey, it's only fair. We show up at the Mac threads and put in our digs.
Or just buy an Apple....
It should already be closed if you are not using Terminal Services.
I'm looking at the firewall log and don't see any hits on 3389. I'm wondering if this affects machines that only respond to secure connections.
Are all of your ports being scanned at once, or are you seeing activity only through some of them?
The best thing to do is to change the port that you use RDP on.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp and change PortNumber to the port you want.
Note that this port is in hex, so you have to select decimal first, enter the port number (anything above 20000 should be fine) and select Hex again and save.
Maybe someone who understands how software is written can explain this to me. A Group or an individual writes this RDP portion of Windows, no one bothers to check and see if it is vulnerable?
If amateurs and punks can find these problems, what do the thousands of Microsoft software engineers do for a living? Why can't the same methods these punks use be used by the professionals and "experts" prior to the software even being released?
Hahahaha ... you are probably right!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.