Windows RDP Denial of Service Vulnerability



I just saw this article at ZDNet News a few minutes ago. Basically a new security bulletin is out regarding Windows Remote Desktop Server being vulnerable to a denial of service (DoS) attack. Essentially it affects Windows 2000, XP and Server 2003. It appears that under an overwhelming flood of requests the system could blue screen. This vulnerability, though, I think points out a flaw in the software firewall of XP. It sounds as though even XP Service Pack 2 systems with the firewall enabled are vulnerable. I wouldn’t be surprised, because if the RDP service is on, it’s allowed to listen for incoming requests, essentially “poking a hole through the firewall” for that service.
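
Because the firewall exception lets every inbound RDP connection through to the service, the only thing the XP SP2 firewall can still give you for this kind of flood is a log trail. The following is an added example, not code from the original post or from Microsoft: it reads pfirewall.log-style lines (the sample lines are constructed, with documentation-range addresses) and flags any source whose allowed inbound connections to TCP 3389 exceed a threshold within a sliding time window.

```python
"""Flag sources flooding an allowed RDP listener, from XP SP2 firewall log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389

# Constructed sample in pfirewall.log layout (fields as in the XP SP2 log header):
# date time action protocol src-ip dst-ip src-port dst-port size tcpflags ... path
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-07-12 09:00:00 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40001 3389 - - - - - - - - RECEIVE
2005-07-12 09:00:00 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40002 3389 - - - - - - - - RECEIVE
2005-07-12 09:00:01 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40003 3389 - - - - - - - - RECEIVE
2005-07-12 09:00:02 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40004 3389 - - - - - - - - RECEIVE
2005-07-12 09:00:03 DROP TCP 198.51.100.7 192.168.1.5 5000 445 48 S 1 0 65535 - - - RECEIVE
2005-07-12 09:00:03 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40005 3389 - - - - - - - - RECEIVE
2005-07-12 09:00:04 OPEN-INBOUND TCP 192.0.2.10 192.168.1.5 40006 3389 - - - - - - - - RECEIVE
2005-07-12 09:05:00 OPEN-INBOUND TCP 203.0.113.9 192.168.1.5 51000 3389 - - - - - - - - RECEIVE
"""


def parse_lines(text):
    """Yield (timestamp, action, protocol, src_ip, dst_port); skip header/comment lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 8:
            continue  # truncated line, ignore rather than guess
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        yield ts, f[2], f[3], f[4], int(f[7])


def rdp_flood_sources(text, threshold=5, window=timedelta(seconds=10)):
    """Return {src_ip: peak_count} for sources with more than `threshold`
    allowed inbound TCP/3389 connections inside any `window`-long span."""
    per_src = defaultdict(list)
    for ts, action, proto, src, dport in parse_lines(text):
        if action == "OPEN-INBOUND" and proto == "TCP" and dport == RDP_PORT:
            per_src[src].append(ts)
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        start, peak = 0, 0
        for i, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged
```

This only alerts after the fact; the connections it counts have already reached the RDP service, which is exactly why the post recommends a separate firewall and as few open ports as possible.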

In fact this is usually the biggest flaw with any software firewall: software (or a user) on the system in question can tinker with and adjust the settings. One of the reasons I really prefer to see either a separate hardware firewall, or a computer acting as a dedicated firewall, is the following story. On a visit to one computer that was having “issues”, I noticed they didn’t have the firewall enabled on their relatively new XP machine. Since they had a direct connection to the internet (no router or firewall externally) I was somewhat concerned about a system compromise of some sort. I clearly remembered enabling the firewall when I initially set it up, before leaving it with them. On asking, I was told by the user “Oh, now that you mention it I recall something popping up saying that I needed to cut off the firewall for something and I did.”

I didn’t have the presence of mind to ask if they would leave the doors unlocked if a burglar sent a nice request in the mail. Really, it’s the same thing when you think about it. The moral of the story (which dovetails with the news release) is this: if you have a high speed connection to the internet, use a separate firewall, don’t open more ports than you NEED to, and watch for software updates for the software that you use.
