
Denial of Service in Microsoft Windows 2000 Terminal Services

VERSIONS AFFECTED

  • Microsoft Windows 2000 Server Terminal Services

DESCRIPTION

    A vulnerability in Windows 2000 Server Terminal Services can permit a malicious user to force a reboot of the terminal server.

    DEMONSTRATION

    The discoverer posted the following scenario as proof of concept:

    Exploit
    -------

    1. Open \%systemroot%\system32\msgina.dll for exclusive access (read lock). I used Radsoft's hexview.exe from Rix2K to do so.

    2. Open a new connection to the server through RDP/ICA.

    3. Click Restart in the warning dialog box ("msgina.dll failed to load") that appears.

    Tested on Windows 2000 Server Service Pack 2 (SP2) with Microsoft Internet Explorer (IE) 5.5 and Windows 2000 Server SP3 with IE 5.5.

    VENDOR RESPONSE

    Microsoft hasn't released a fix or a response. The discoverer posted a workaround for Windows 2000 that suggests removing all permissions on msgina.dll for Power Users, Users, and Everyone.
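
One way to apply and check the workaround described above from an administrator command prompt, using the cacls.exe tool that ships with Windows 2000. This script is an added example, not code from the discoverer or Microsoft; it assumes English group names and a file path under %SystemRoot%.

```batch
@echo off
rem Added example (not from the original advisory): applies the posted
rem workaround by revoking ACL entries on msgina.dll for Power Users,
rem Users and Everyone, then lists any matching entries that remain.
rem Assumption: English group names; localized systems use other names.
setlocal
set TARGET=%SystemRoot%\system32\msgina.dll

if not exist "%TARGET%" (
    echo %TARGET% not found.
    exit /b 1
)

echo ACL before the change:
cacls "%TARGET%"

rem /E edits the existing ACL instead of replacing it.
rem /R revokes the named principal's access rights (valid only with /E).
for %%G in ("Power Users" "Users" "Everyone") do (
    cacls "%TARGET%" /E /R %%G
)

echo ACL after the change:
cacls "%TARGET%"

rem List entries that still end in "Users:" or "Everyone:". The "Users:"
rem pattern also matches "Power Users:" and any other group whose name
rem ends in "Users" (for example Authenticated Users), so review each hit.
cacls "%TARGET%" | findstr /I /C:"Users:" /C:"Everyone:"
if not errorlevel 1 (
    echo The entries listed above are still present. Review them.
    exit /b 2
)

echo No entries for Power Users, Users or Everyone remain on %TARGET%.
endlocal
```

Administrators and SYSTEM entries are left untouched, so compare the before and after listings to confirm they are still present.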

    CREDIT

    Discovered by Jonathan Hunter.

