Windows flaw reaches beyond XP [Remote crash attack.]

CNET News.com by way of ZDNet ^ | 18JUL05 | Joris Evers

[DaGman]

So just close 3389 at the firewall.

[ColumbusRep]

Oh look, another serious flaw in Windows!

[benjaminjjones]

Oops!, maybe that's what that missed client call was about. Ya think I should check my voice mail?

Nah! They didn't call me for a whole year, and I've got them stabilized in the recovery room right now.

I need to freak them out with the rate hike first anyway...LOL!

[general_re]

While most Windows versions ship with RDP services disabled, Remote Desktop is turned on out-of-the-box in Windows XP Media Center Edition.

IOW, there are about six people in the world who might be vulnerable and not know it.

[ken21]

off topic,

do you get more attempts on your ports while on free republic?

looking at my firewall log seems to indicate so.

[softwarecreator]

Alert!

Time for the weekly MS bashing session.  Will all the usual suspects report to this thread immediately.

How soon before someone uses the Micro$oft spelling?

Alert!

[softwarecreator]

I noticed the same thing.

[PAR35]

Windows 2000, Windows XP and Windows Server 2003 are vulnerable

It looks like your computer is safe if you have upgraded to Win9x. I'm a little surprised by Win2K on the list, however, since Microsoft ususally has most of the holes patched 5 years out.

[AFreeBird]

How soon before someone uses the Micro$oft spelling?

You mean it isn't spelled that way? BTW, you just used it!

LOL... Funny thought, what do you want to bet that M$ has actually has a tradmark that spelling?

[avenir]

"Time for the weekly MS bashing session."

Hey, it's only fair. We show up at the Mac threads and put in our digs.

[Quinotto]

Until a patch is available, Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.

Or just buy an Apple....

[js1138]

So just close 3389 at the firewall.

It should already be closed if you are not using Terminal Services.

I'm looking at the firewall log and don't see any hits on 3389. I'm wondering if this affects machines that only respond to secure connections.

[familyop]

"do you get more attempts on your ports while on free republic?

looking at my firewall log seems to indicate so."

You shouldn't be. Only the webserver admin/webmaster should have access to records of your IP address(es), and looking IPs up in webserver stats takes time. I really doubt that any FR admin is scanning your ports.

It's more likely that more crackers are scanning ports on the Net in general while you're reading Free Republic pages, though. There are peak activity hours, so there are probably hours when port scans are more common.

[familyop]

Are all of your ports being scanned at once, or are you seeing activity only through some of them?

[Gaas]

The best thing to do is to change the port that you use RDP on.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp and change PortNumber to the port you want.

Note that this port is in hex, so you have to select decimal first, enter the port number (anything above 20000 should be fine) and select Hex again and save.

[Jonah Johansen]

Maybe someone who understands how software is written can explain this to me. A Group or an individual writes this RDP portion of Windows, no one bothers to check and see if it is vulnerable?
If amateurs and punks can find these problems, what do the thousands of Microsoft software engineers do for a living? Why can't the same methods these punks use be used by the professionals and "experts" prior to the software even being released?

[softwarecreator]

true.  Besides, it's a slow news day.

[softwarecreator]

Because a person or group of persons, cannot possibly find every security flaw, it's impossible.  How can they guess every scenario that these "punks", as you call them, will throw at them.  We are talking about the most widely used software on the planet with thousands of hackers throwing everything they can at it, every minute of the day.  

[softwarecreator]

Funny thought, what do you want to bet that M$ has actually has a tradmark that spelling?

Hahahaha ... you are probably right!!