Skip navigation
Menu
End-User Platforms>Windows 7/8

Multiple Vulnerabilities in Microsoft RDP

Reported September 18, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Windows XP with Remote Desktop enabled

·         Windows 2000 Server Terminal Services

 

DESCRIPTION

 

Two vulnerabilities exist in Microsoft RDP. The first vulnerability is an information-disclosure vulnerability that forwards unencrypted checksums of plaintext data under XP and Win2K. An attacker can use these checksums to conduct a cryptanalytic attack to recover session traffic. The second vulnerability is a Denial of Service (DoS) condition in XP’s Remote Desktop service when this service uses RDP. By sending specially malformed packets to the service (which by default runs on TCP port 3389), an attacker can crash the vulnerable system.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-051 (Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure) to address these vulnerabilities, and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Microsoft.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019