Microsoft warns of remote access protocol flaw

Microsoft warns of remote access protocol flaw

Microsoft has discovered a vulnerability in its Terminal Services and Remote Desktop Sharing features that could lead to a denial of service attack.

A flaw in the software used to remotely access computers running Microsoft's Windows operating system could leave users vulnerable to a denial of service attack, the company said in a security advisory issued Friday.

The vulnerability does not allow attackers to gain control of Windows systems, but they could use it to repeatedly cause affected computers to crash. This would be done by creating specially crafted messages using the Remote Desktop Protocol (RDP), which is used by Windows' Terminal Services and Remote Desktop Sharing features, according Microsoft.

Microsoft is advising users to either block the port that uses RDP (port 3389) or to disable the remote access features that use them. Terminal Services is used by the Windows 2000 and Windows Server 2003 operating systems. Remote Desktop Sharing is used by Windows XP.

As far as Microsoft knows, the vulnerability has not yet been used in an attack, and it is rated as "moderately critical" by Danish security vendor Secunia.

Microsoft will issue a patch for the vulnerability, but has not yet decided whether it will be part of the company's next scheduled group of security patches, scheduled for Aug. 9, a Microsoft spokeswoman said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments