Remote Desktop Security Vulnerability - DoS Attack

Microsoft released a security bulletin this past weekend concerning a vulnerability in the Remote Desktop Protocol (RDP) that may lead to a Denial of Service (DoS) attack. Note that this vulnerability does not allow remote access to your computer.

At the present time, there is no hotfix or patch to correct this vulnerability.

From the bulletin:

In which Microsoft products is RDP implemented?
In general, RDP is the underlying protocol for Windows features that allow remote desktop sessions. For instance:
• Terminal Services in Windows 2000 and Windows Server 2003 implement RDP. For more information about Terminal Services and RDP, visit the following Web site.
• Remote Desktop Sharing in Windows XP implements RDP. For more information about the Remote Desktop feature in Windows XP, visit the following Web site.

How could an attacker attempt to exploit the vulnerability?
An attacker could try to exploit the vulnerability by creating a specially crafted Remote Desktop request and sending the request to an affected system.

What might an attacker use this vulnerability to do?
If an attack were successful, receipt of such a malformed Remote Desktop request could cause the vulnerable system to fail in such a way that it could cause a denial of service. Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system.

NOTE THAT WINDOWS XP PROFESSIONAL AND WINDOWS XP HOME EDITION ARE AFFECTED. Windows XP Home Edition is affected since the Remote Assistance solution uses RDP in connecting and controlling other machines…

Workarounds:

  • Block TCP port 3389 at the firewall.
  • Disable Terminal Services or the Remote Desktop feature if they are not required.
  • Secure Remote Desktop Connections by using an IPsec policy.
  • Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.
Of these options, the final workaround will be the easiest for most end users to implement. If you do not wish to use the built-in PPTP server, consider using something like SSL-Explorer, which sets up a VPN based on SSL tunnels.
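As an added example, not part of the original post or of Microsoft's bulletin, the following PowerShell script audits whether a host exposes Remote Desktop and, when run with -Apply, carries out the first two workarounds (block inbound TCP 3389 at the host firewall, disable the Remote Desktop feature). It assumes a Windows 8 / Server 2012 or later host with the NetSecurity module; the registry value fDenyTSConnections, the TermService service and the firewall cmdlets used here are not available on the Windows XP era systems the bulletin names, where netsh would be used instead.

```powershell
# Added example (not from the original post or bulletin). Run from an elevated prompt.
# Without -Apply the script only reports; -WhatIf shows what -Apply would change.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Apply)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ruleName = 'Block RDP TCP 3389 (DoS workaround)'   # constructed rule name

function Get-RdpExposure {
    # fDenyTSConnections = 1 means the Remote Desktop feature is disabled
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    # Enabled inbound rules that allow TCP/3389 (port filter -> owning rule)
    $allowRules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    [pscustomobject]@{
        RemoteDesktopEnabled = ($deny -ne 1)
        TermServiceStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ListeningOn3389      = [bool]$listening
        InboundAllowRules    = @($allowRules | Select-Object -ExpandProperty DisplayName)
    }
}

function Set-RdpMitigations {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Workaround: disable the Remote Desktop feature if it is not required
    if ($PSCmdlet.ShouldProcess($tsKey, 'Set fDenyTSConnections = 1')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    }
    # Workaround: block inbound TCP 3389 at the host firewall (idempotent)
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess('Windows Firewall', "Add inbound block rule '$ruleName'")) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
                -LocalPort 3389 -Action Block -Profile Any | Out-Null
        }
    }
}

Write-Host 'RDP exposure before changes:'
Get-RdpExposure | Format-List
if ($Apply) {
    Set-RdpMitigations
    Write-Host 'RDP exposure after changes:'
    Get-RdpExposure | Format-List
}
```

Hosts that legitimately need Remote Desktop should skip the registry change and rely on the firewall rule scoped to trusted addresses, or on the IPsec/VPN workarounds instead.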

Click here for the security bulletin.
Click here for the KB article that will describe the proposed fix when released.
