Windows RDP Denial of service vulnerability



I just saw this article at zdnet news a few minutes ago. Basically a new security bulletin is out with regards to Windows Remote Desktop Server being vulnerable to a denial of service (DoS) attack. Essentially it affects Windows 2000, XP and Server 2003. It appears that under an overwhelming flood of requests the system could blue screen. This vulnerability though, I think points out a flaw in the software firewall of XP. It sounds as though even systems with XP service pack 2 with the firewall enabled are vulnerable. I wouldn’t be surprised because if the RDP service is on it’s allowed to listen for incoming requests, essentially “poking a hole through the firewall” for that service.

In fact this is usually the biggest flaw with any software firewall. Software (or a user) on the system in question can tinker with and adjust the settings. One of the reasons I really prefer to see either a seperate hardware firewall, or a computer acting as a dedicated firewall is the following story. On a visit to one computer that was having “issues”, I noticed they didn’t have the firewall enabled on their relatively new XP machine. Since they had a direct connection to the internet (no router or firewall externally) I was somewhat concerned about a system compromise of some sort. I had remembered clearly enabling the firewall before leaving it when I initially set it up. On asking, I was told by the user “Oh, now that you mention it I recall something popping up saying that I needed to cut off the firewall for something and I did.”

I didn’t have the presence of mind to ask if they would leave the doors unlocked if a burglar sent a nice request in the mail. Really it’s the same thing when you think about it. The moral of the story (which dovetails with the news release) is this. If you have a high speed connection to the internet use a seperate firewall, don’t open more ports than you NEED to, and watch for software updates for the software that you use.

Related Posts

Blog Traffic Exchange Related Posts
  • Epson Perfection 1650 scanner and Windows XP Limited User account "We tried scanning and all that happened was the lamp moved back and forth.... Nothing else happened." That was the description I had and the request to see why the scanner was broken. It hadn't been long since the Epson scanner had been hooked up to a new XP Pro......
  • How to Remove SecurityTool | Security Tool Removal Security Tool is the latest rogue antivirus application in the family which includes Total Security 2009 (read my how to remove Total Security 2009 guide if necessary.) It is visually similar and like many of these scareware rogues is very similar in many respects with the exception of the name.......
  • SONY DRM rootkit - the gift that keeps on giving Well... I said, more legs than a centipede for this one.... It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use......
Blog Traffic Exchange Related Websites
  • A Few Suggestions About Ways It's Possible For You To Improve Customer Service Frequently when thinking about home business ideas you might want to create a website. When building your own website there are a few things to think about. If you know nothing about site design, you'll need to pay someone to design it exactly how you desire. Make sure you utilise......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010¬†|¬†Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site