Agnitum Security Advisories
The vendor has released a patch correcting the vulnerability. Users are advised to download it through the Windows Update service, available at http://windowsupdate.microsoft.com
The temporary workaround of closing the vulnerable TCP port 3389 with a firewall can now be revoked.
ASA-03-0507-3: RDP vulnerability could lead to computer resets
Severity rating: Important
Date Published: July 16, 2005
Software Vendor: Microsoft
Affected Software: Remote Desktop Protocol (RDP)
Affected OS: Windows XP (incl. x64 Edition), Windows Server 2003 (incl. x64 Edition), Windows 2000
Vulnerability class: Denial of Service
Status: Patch due
The vulnerability is caused by an error in Remote Desktop Services. A specially crafted request sent to the Remote Desktop Protocol could crash the host system.
Vendor reference information:
Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/advisory/904797.mspx
General Mitigating Recommendations:
- Disable Terminal Services or the Remote Desktop feature if they are not required.
- Secure Remote Desktop Connections by using an IPsec policy.
- Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.
How Outpost Firewall PRO protects you:
Outpost Firewall PRO protects your system against this vulnerability through the Global System and Rawsocket Rules feature:
1) Make sure Outpost is not running in Disabled or Allow Most mode.
2) Go to Options > System and click Rules under Global System and Rawsocket rules.
3) Click Add to create the new global rule.
4) Select the Where the specified protocol is, Where the specified direction is, and Where the specified local port is events.
5) In the Rule description field, click on the Undefined keyword next to Where the protocol is and specify the TCP protocol.
6) In the Rule description field, click on the Undefined keyword next to Where the direction is and specify the Inbound connection direction.
7) In the Rule description field, click on the Undefined keyword next to Where the local port is and specify the port number 3389 or select RDP.
8) Finally, in the Select Actions with which the rule will respond field, select the Block it, Mark rule as High Priority and Ignore Component Control actions.
9) Name the rule appropriately (in the Rule name field) and click OK to save it.
10) You should now see the new rule in the list of global rules.
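To confirm the rule is in effect, the check below can be run from a second machine on the same network. It is an added example, not part of the Agnitum advisory or of Outpost; the function names and the script name are assumptions chosen for illustration.

```python
import socket
import sys

RDP_PORT = 3389  # TCP port the advisory's rule blocks


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the result.

    "open"     - handshake completed: the port is reachable, the rule is not in effect
    "closed"   - connection refused: no listener, or a firewall that rejects
    "filtered" - no answer before the timeout: packets are being dropped
    Other network errors (for example, no route to the host) are raised to the caller.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except (socket.timeout, TimeoutError):
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    finally:
        sock.close()
    return "open"


def rdp_blocked(host, port=RDP_PORT, timeout=3.0):
    """True when an inbound connection to the port cannot be established."""
    return probe_tcp(host, port, timeout) != "open"


if __name__ == "__main__":
    # Usage: python check_rdp.py <address of the protected host>
    target = sys.argv[1]
    state = probe_tcp(target)
    print(f"{target}:{RDP_PORT} is {state}")
    # Exit status 1 signals that the port is still reachable.
    sys.exit(0 if state != "open" else 1)
```

A result of "closed" on a host where Remote Desktop is meant to stay enabled usually means the service is not listening, so the test says nothing about the firewall rule itself.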
The information in the present advisory is believed to be accurate as of the time of publishing, based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on, this information.