Session Hijacking, DoS Bugs in Windows Remote Desktop

By N-Stalker Team on September 19, 2002

Update: We’ve just found out that Windows XP Pro SP1 does include patches for these two vulnerabilities, and MS has released bulletin MS02-051 with a fix for Windows 2000 as well.

Multiple vulnerabilities have been discovered in Microsoft’s Remote Desktop Protocol, which is used to power Terminal Services for Windows 2000 servers, as well as Windows XP Pro’s single-user remote desktop service. Version 5.0 of the RDP client is susceptible to session monitoring and hijacking attacks in encrypted sessions. This means an attacker on the same network segment could view or even manipulate keystrokes sent over a terminal session. XP Pro, Win2k Server, Win2k Advanced Server, and .NET Standard Server Beta 3 are all affected, and the only workaround is to use Terminal Services Client 4.0.

The second security issue is a denial of service condition in the code which negotiates client/server graphics capabilities at the start of an RDP connection. By sending a 32-byte malformed packet to a server, an attacker can force the system to crash and reboot. This only affects Windows XP Professional and the .NET Server Beta 3, and there is no workaround other than disabling the Remote Desktop service. Microsoft has been aware of both of these security holes since April, but has not released any patches for them.

(N-Stalker Security Force)
