Outpost Firewall Protects Against Latest Windows Remote Access Vulnerability
— Serious Windows vulnerabilities are protected even before Microsoft patch is out—
St. Petersburg, Russia — July 26, 2005 — Agnitum Ltd., a leading developer of information security software for home and business users, today announced that its Outpost Firewall Pro personal firewall fully protects Windows users from the most recent vulnerability found in Microsoft’s Remote Desktop software.
As reported by Microsoft in its security advisory (available online at http://www.microsoft.com/technet/security/advisory/904797.mspx), a vulnerability in Remote Desktop Protocol (RDP) could lead to denial of service on an affected computer.
According to Microsoft’s early estimates, if the service were enabled on a host computer, an attacker could cause the system to restart. This vulnerability affects all versions of Windows XP, including those already patched with the latest Service Pack 2, a major security update released last summer.
The essence of the vulnerability lies in the way malformed Remote Desktop requests are handled by the service. Remote Desktop Protocol (RDP) allows users to create a virtual session on their PCs, enabling them to access all data and applications on their PC from another machine. Both Terminal Services in Windows 2000 and Windows Server 2003 and Remote Desktop Sharing in Windows XP implement RDP.
An attacker could try to exploit the vulnerability by creating a specially crafted Remote Desktop request and sending it to an affected system. If the attack were successful, receipt of the malformed request could cause the vulnerable system to fail, resulting in a denial of service.
As a workaround to close the underlying vulnerability until Microsoft releases a patch, users of Agnitum’s Outpost Firewall Pro can protect their systems by simply configuring the firewall to block TCP port 3389.
This action involves closing connections to the RDP local port on your computer using Outpost’s Global System and Rawsocket rules tab. Details on how to do this are provided in an Agnitum Security Advisory, available on the company’s website at http://www.agnitum.com/news/security_advisories/advisory3.php, under the heading “ASA-02-0507-3: RDP vulnerability could lead to computer resets”.
Until the vendor fix is released, Windows users are advised to refrain from using Remote Desktop Access functionality wherever possible because of the risk of system sabotage. After the situation is corrected, users may reset their firewalls to the previous state by unblocking port 3389 communications.
“A huge software product like Windows OS will inevitably have errors,” said Mikhail Penkovsky, VP Sales and Marketing, Agnitum Ltd. “We are happy to assist our customers in alleviating security threats until such time as the manufacturer is able to deliver a permanent fix. We invite anyone to download a trial version of Outpost from our web site and see for themselves how easy it is to manage this kind of vulnerability.”
About Outpost Firewall Pro
Outpost Firewall Pro (http://www.agnitum.com/products/outpost/) provides a comprehensive arsenal of defenses against PC infiltration by denying unauthorized access to remote hackers and protecting against data theft, denial-of-service attacks, privacy violation, Trojan horses, spyware and other malicious code.
Founded in 1999, Agnitum Ltd (http://www.agnitum.com) is a leader in security and privacy software for home and office PCs, with more than a million users around the world. Agnitum is committed to delivering and supporting high quality security software products; the company’s key offerings are Outpost Firewall Pro, securing home and SOHO PCs, and Outpost Office Firewall, providing easy-to-use, reliable endpoint protection for corporate networks. For more information, contact Agnitum at firstname.lastname@example.org