Windows RDP Denial of service vulnerability



I just saw this article at ZDNet news a few minutes ago. Basically, a new security bulletin is out with regard to Windows Remote Desktop Server being vulnerable to a denial of service (DoS) attack. Essentially it affects Windows 2000, XP and Server 2003. It appears that under an overwhelming flood of requests the system could blue screen. This vulnerability, though, I think points out a flaw in the software firewall of XP. It sounds as though even systems with XP Service Pack 2 with the firewall enabled are vulnerable. I wouldn’t be surprised, because if the RDP service is on, it’s allowed to listen for incoming requests, essentially “poking a hole through the firewall” for that service.

In fact, this is usually the biggest flaw with any software firewall. Software (or a user) on the system in question can tinker with and adjust the settings. One of the reasons I really prefer to see either a separate hardware firewall or a computer acting as a dedicated firewall is the following story. On a visit to one computer that was having “issues”, I noticed they didn’t have the firewall enabled on their relatively new XP machine. Since they had a direct connection to the internet (no router or firewall externally), I was somewhat concerned about a system compromise of some sort. I had remembered clearly enabling the firewall before leaving it when I initially set it up. On asking, I was told by the user “Oh, now that you mention it I recall something popping up saying that I needed to cut off the firewall for something and I did.”

I didn’t have the presence of mind to ask if they would leave the doors unlocked if a burglar sent a nice request in the mail. Really, it’s the same thing when you think about it. The moral of the story (which dovetails with the news release) is this: if you have a high speed connection to the internet, use a separate firewall, don’t open more ports than you NEED to, and watch for software updates for the software that you use.
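One way to check the "don't open more ports than you NEED to" advice on a given machine, as an added example that is not part of the original post: the Python below parses `netstat -an` output and reports TCP listeners reachable from off the box that are not on an allowlist. The sample output, the `NEEDED_PORTS` allowlist and the function names are constructed for illustration; 3389 is the standard RDP port.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Hypothetical allowlist: the ports this machine actually needs reachable.
NEEDED_PORTS = {139}
PORT_NAMES = {135: "RPC endpoint mapper", 139: "NetBIOS session",
              3389: "Remote Desktop (RDP)"}

# Matches only TCP sockets in the LISTENING state; captures address and port.
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def exposed_listeners(netstat_text):
    """Return (address, port) pairs for TCP listeners not bound to loopback."""
    found = set()
    for line in netstat_text.splitlines():
        m = LISTEN_LINE.match(line)
        if not m:
            continue  # headers, UDP rows, established connections
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable remotely
        found.add((addr, port))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))

def unneeded_listeners(netstat_text, needed=NEEDED_PORTS):
    """Listeners reachable off-box whose port is not on the allowlist."""
    return [(a, p) for a, p in exposed_listeners(netstat_text) if p not in needed]

def report(netstat_text, needed=NEEDED_PORTS):
    """One human-readable line per listener that should be closed or filtered."""
    return ["%s:%d (%s) is listening but not on the needed list"
            % (a, p, PORT_NAMES.get(p, "unknown service"))
            for a, p in unneeded_listeners(netstat_text, needed)]

if __name__ == "__main__":
    for entry in report(SAMPLE_NETSTAT):
        print(entry)
```

A listener on this list still has to be checked against the firewall's exceptions, since an enabled service with an exception is reachable even with the firewall on.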
