Reported November 19, 2001, by
Xato Network Security. VERSIONS AFFECTED Microsoft
Windows XP Microsoft
Windows 2000 DESCRIPTION
A vulnerability exists in Microsoft Windows Terminal Services that might let a hacker cause both the Terminal Services Manager and the Windows Event Log to record a spoofed IP address for Terminal Services connections. This vulnerability stems from Windows Terminal Services use of the connecting client’s internal IP address. By using Network Address Translation (NAT), an attacker can fool Windows Terminal Services into thinking that the client is connecting from a different IP address.