DoS Flaw Affects Windows XP, Windows 2000, Windows 2003 -- Redmond Channel Partner

DoS Flaw Affects Windows XP, Windows 2000, Windows 2003

By Scott Bekker
July 19, 2005

Microsoft is working to fix a publicly disclosed flaw in Microsoft's Remote Desktop Services that can lead to a denial of service attack against certain Windows XP, Windows 2000 and Windows Server 2003 systems.

The flaw is not the most serious type -- the remote execution flaws that can give an attacker a way to take complete control of a computer over the Internet. After investigating the flaw, Microsoft concluded that the worst result of the vulnerability is a failed system. In all affected operating systems except Windows XP Media Center Edition, the services that use the vulnerable Remote Desktop Protocol (RDP) are turned off by default.

Secunia released an advisory Thursday that the flaw had been discovered by Tom Ferris and that Windows systems were at risk. Microsoft released a security advisory on Saturday to confirm the flaw, offer workarounds and promise that a patch will be coming.

"We have not been made aware of attacks that try to use the reported vulnerability or of customer impact at this time, but we are aggressively investigating the public reports," Microsoft wrote in its security advisory. "While this issue was first reported to Microsoft responsibly, details about the reported vulnerability have been made public," the Microsoft advisory complained.

The flaw occurs in RDP, which allows users to access all their data and applications on their desktop computers through virtual sessions from other computers. RDP provides the foundation for Terminal Services in Windows 2000 and Windows Server 2003 and for Remote Desktop Sharing in Windows XP.

An attacker can exploit the flaw by crafting a special Remote Desktop request and sending the request to an affected system.

Microsoft's next regularly scheduled patching day falls on Aug. 9. Until a patch is ready, Microsoft offers several workarounds including blocking TCP port 3389 at the firewall, disabling Terminal Services or the Remote Desktop feature, securing Remote Desktop connections with an IPsec policy or securing Remote Desktop connections via a Virtual Private Network.

Click here to view Microsoft's security advisory.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

DoS Flaw Affects Windows XP, Windows 2000, Windows 2003

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

So You Want To Be an MSP? Here's What It Really Takes

Guardz Unveils AI-Driven Identity Security for MSPs

Channel Veteran Dan Wensley Named GTIA CEO

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

So You Want To Be an MSP? Here's What It Really Takes

Guardz Unveils AI-Driven Identity Security for MSPs

Channel Veteran Dan Wensley Named GTIA CEO

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | Stop Buying What You Already Own: The MSP's Guide to Microsoft 365 Optimization

Veeam Data Cloud for Microsoft 365

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlocking the power of Microsoft 365 management: A toolkit for MSP success

How MSPs can future-proof Microsoft 365 management with automation and security

The future of M365 management