Reported October 19, 2001, by Microsoft.
VERSIONS AFFECTED
All systems running Microsoft Terminal Services, including:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT 4.0 Terminal Server Edition
DESCRIPTION
A vulnerability exists in the WTS and Win2K RDP service that can result in a Denial of Service (DoS) attack. The service doesn't properly handle a particular series of data packets. To cause the service to fail, an attacker wouldn't have to connect to the service but would only have to send this series of data packets to the port on which RDP is listening.
VENDOR RESPONSE
The vendor, Microsoft, has released security bulletin MS01-052 to address this vulnerability and recommends that affected users apply the patch at the listed URL. Win2K Datacenter patches are hardware specific and will be available from the OEM when they are ready.
CREDIT
Discovered by Luciano Martins of Deloitte & Touche Argentina.
Denial of Service in Windows Terminal Services