cuidando de sua segurança
português inglês alemão
Produtos
Comprar
Suporte
Revendas
Notícias
Sobre

Notícias

Home
Releases
Alertas de Segurança
Prêmios
Eventos
Sala de Imprensa
Relações Públicas

Agnitum Security Advisories

ASA-02-0507-3: RDP vulnerability could lead to computer resets

Vulnerability summary:

Severity rating:         Important

Date Published:         July 16, 2005

Software Vendor:    Microsoft

Affected Software:  Remote Desktop Protocol (RDP)

Affected OS:             Windows XP (incl. x64 Edition), Windows Server 2003 (incl. x64 Edition), Windows 2000

Unaffected with:      

Vulnerability class:   Denial of Service

Status:                      Patch due

Vulnerability details:

Tech brief:

The vulnerability is caused due to an error in Remote Desktop Services. A specifically crafted request sent to the Remote Desktop Protocol could crash the host system.

 

Vendor reference information:

 

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/advisory/904797.mspx

 

General Mitigating Recommendations:

 

  • Disable Terminal Services or the Remote Desktop feature if they are not required.
  • Secure Remote Desktop Connections by using an IPsec policy.
  • Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection. 

How Outpost Firewall PRO protects you:

 

Outpost Firewall PRO protects your system against this vulnerability through the Global System and Rawsocket Rules feature: 

1) Make sure Outpost is not running in Disabled or Allow Most mode.

2) Go to Options > System and click Rules under Global System and Rawsocket rules.

3) Click Add to create the new global rule.

4) Select the Where the specified protocol is, Where the specified direction is, and Where the specified local port is events.

5) In the Rule description field, click on the Undefined keyword next to Where the protocol is and specify the TCP protocol.

6) In the Rule description field, click on the Undefined keyword next to Where the direction is and specify the Inbound connection direction.

7) In the Rule description field, click on the Undefined keyword next to Where the local port is and specify the port number 3389 or select RDP.

8) Finally, in the Select Actions with which the rule will respond field, select Block it, Make rule as High Priority and Ignore Component Control actions.

9) Name the rule appropriately (in the Rule name field) and click OK to save it.

10) You should now see the new rule in the list of global rules.

 

Disclaimer:

 

The information in the present advisory is believed to be accurate as of the time of publishing, based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on, this information.

 

 
Termos de Uso    Busca   Mapa do Site   Contate-nos   Privacidade   Relações Públicas   
Todos os direitos reservados © 2006, Protagon® Segurança de Dados, sob licença de Agnitum Ltd.
Outpost PRO: firewall com anti-spyware.