taking care of your security
english deutsch français polski russian magyar
Products
Purchase
Support
Partners
News
About

News

Home
Press releases
Agnitum Directions
Agnitum Blog
Awards
Press Room
PR Contacts

Agnitum Security Advisories

Update:

The patch correcting the vulnerability has been released by the vendor. Users are advised to download it through Windows Update service available at http://windowsupdate.microsoft.com

Temporary workaround involving the closure of vulnerable TCP port number 3389 with a firewall can now be revoked.


ASA-03-0507-3: RDP vulnerability could lead to computer resets

Vulnerability summary:

Severity rating:         Important

Date Published:         July 16, 2005

Software Vendor:    Microsoft

Affected Software:  Remote Desktop Protocol (RDP)

Affected OS:             Windows XP (incl. x64 Edition), Windows Server 2003 (incl. x64 Edition), Windows 2000

Unaffected with:      

Vulnerability class:   Denial of Service

Status:                      Patch due

Vulnerability details:

Tech brief:

The vulnerability is caused due to an error in Remote Desktop Services. A specifically crafted request sent to the Remote Desktop Protocol could crash the host system.

 

Vendor reference information:

 

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/advisory/904797.mspx

 

General Mitigating Recommendations:

 

  • Disable Terminal Services or the Remote Desktop feature if they are not required.
  • Secure Remote Desktop Connections by using an IPsec policy.
  • Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection. 

How Outpost Firewall PRO protects you:

 

Outpost Firewall PRO protects your system against this vulnerability through the Global System and Rawsocket Rules feature: 

1) Make sure Outpost is not running in Disabled or Allow Most mode.

2) Go to Options > System and click Rules under Global System and Rawsocket rules.

3) Click Add to create the new global rule.

4) Select the Where the specified protocol is, Where the specified direction is, and Where the specified local port is events.

5) In the Rule description field, click on the Undefined keyword next to Where the protocol is and specify the TCP protocol.

6) In the Rule description field, click on the Undefined keyword next to Where the direction is and specify the Inbound connection direction.

7) In the Rule description field, click on the Undefined keyword next to Where the local port is and specify the port number 3389 or select RDP.

8) Finally, in the Select Actions with which the rule will respond field, select Block it, Make rule as High Priority and Ignore Component Control actions.

9) Name the rule appropriately (in the Rule name field) and click OK to save it.

10) You should now see the new rule in the list of global rules.

 

Disclaimer:

 

The information in the present advisory is believed to be accurate as of the time of publishing, based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesnít accept any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on, this information.

Sign Up Today!
Get Free Monthly Newsletters:
Agnitum Directions (product news)
Enter your email:

   RSS feed
Terms of use   Search   Site map   Contact Us   Privacy Policy   PR Contacts   
Outpost Security Suite Pro   Outpost Firewall Pro   Outpost Antivirus Pro   Outpost Network Security
All rights reserved ©†1999–2014, Agnitum Ltd.