Thursday, July 28, 2005

Re: remote desktop

On The Furrygoat Experience, I read that Steve loves having a remote desktop on his Windows machines. While enabling remote desktop provides good flexibility in the ability to work from anywhere, any place, I feel that I must point out the following:

Microsoft Security Advisory (904797)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service
Published: July 16, 2005


Microsoft is investigating new public reports of a vulnerability in Remote Desktop Services.
[....]
Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system.
[....]


The Internet Storm Center also discussed this vulnerability in their July 16th diary. Even worse, on July 14th, they wrote:

The vulnerability in due to a flaw in the remote desktop assistant. This service is NOT FIREWALLED in XP SP2's default firewall configuration.

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.