Windows RDP Denial of service vulnerability



I just saw this article at zdnet news a few minutes ago. Basically a new security bulletin is out with regards to Windows Remote Desktop Server being vulnerable to a denial of service (DoS) attack. Essentially it affects Windows 2000, XP and Server 2003. It appears that under an overwhelming flood of requests the system could blue screen. This vulnerability though, I think points out a flaw in the software firewall of XP. It sounds as though even systems with XP service pack 2 with the firewall enabled are vulnerable. I wouldn’t be surprised because if the RDP service is on it’s allowed to listen for incoming requests, essentially “poking a hole through the firewall” for that service.

In fact this is usually the biggest flaw with any software firewall. Software (or a user) on the system in question can tinker with and adjust the settings. One of the reasons I really prefer to see either a seperate hardware firewall, or a computer acting as a dedicated firewall is the following story. On a visit to one computer that was having “issues”, I noticed they didn’t have the firewall enabled on their relatively new XP machine. Since they had a direct connection to the internet (no router or firewall externally) I was somewhat concerned about a system compromise of some sort. I had remembered clearly enabling the firewall before leaving it when I initially set it up. On asking, I was told by the user “Oh, now that you mention it I recall something popping up saying that I needed to cut off the firewall for something and I did.”

I didn’t have the presence of mind to ask if they would leave the doors unlocked if a burglar sent a nice request in the mail. Really it’s the same thing when you think about it. The moral of the story (which dovetails with the news release) is this. If you have a high speed connection to the internet use a seperate firewall, don’t open more ports than you NEED to, and watch for software updates for the software that you use.

Related Posts

Blog Traffic Exchange Related Posts
  • Debian development server compromise Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can......
  • Network Security guide for the home or small business network - Part 2 - A Software Firewall Do I really need a hardware firewall? I'm running XP Service Pack 2 with the built in firewall? (or norton, or zonealarm?) Well, personal firewalls (the name that software firewalls go by) are good for a great many things that hardware firewalls AREN'T. They do have their limitations though and......
  • How to Remove SecurityTool | Security Tool Removal Security Tool is the latest rogue antivirus application in the family which includes Total Security 2009 (read my how to remove Total Security 2009 guide if necessary.) It is visually similar and like many of these scareware rogues is very similar in many respects with the exception of the name.......
Blog Traffic Exchange Related Websites
  • Comparison Between Free Of Charge And Paid Web Comparison between free of charge and paid Web security software has turn into a main subject of discussion amongst probably the most of all computer users recently. Numerous people who have employed both free of charge as well as paid Web security software place their strong opinions. Although many people......
  • A Few Suggestions About Ways It's Possible For You To Improve Customer Service Frequently when thinking about home business ideas you might want to create a website. When building your own website there are a few things to think about. If you know nothing about site design, you'll need to pay someone to design it exactly how you desire. Make sure you utilise......
  • Microsoft Security Bulletin Summary for September 2010 - Issued: September 14, 2010 ******************************************************************** Microsoft Security Bulletin Summary for September 2010 Issued: September 14, 2010 ******************************************************************** This bulletin summary lists security bulletins released for September 2010. The full version of the Microsoft Security Bulletin Summary for September 2010 can be found at http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx. With the release of the bulletins for September 2010, this......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site