Information Technology Services: Alerts Archive

ALARM Group ALERT (ALARM: The Computing Alert System)
Alert Number:  072105-01
Alert Date:  07/21/05
Alert Title:  Microsoft releases security advisory for Remote Desktop
Update-to:  none
OS/Platform/Application: 
Services that utilize Microsoft Remote Desktop Protocol ('RDP'). This includes Terminal Services for Windows 2000 and Server 2003 as well as Remote Desktop Sharing in Windows XP.

**NOTE: Microsoft Windows XP Media Center Edition is the only OS that has the RDP protocol enabled by default.**

The following operating systems may have RDP enabled via user configuration:
Microsoft Windows 2000 (Service Pack 4)
Microsoft Windows XP (Service Packs 1 and 2, also x64 Edition)
Microsoft Windows Server 2003 (including SP1 and/or for Itanium-based Systems, also x64 Edition)

Category:  ALERT
Severity:  MEDIUM
Attention:  Windows System Administrators, Desktop Support Personnel

Summary:  On July 16, Microsoft released Security Advisory 904797, which details a vulnerability in the Remote Desktop Protocol that could allow an attacker to perform a Denial-of-Service (DoS) attack against systems running RDP. As of this writing the vendor has not released a patch for the vulnerability but reports that it may include a fix as part of its monthly Security Bulletin release in August. In place of a current patch, Microsoft has issued a number of workaround options, including disabling Terminal Services and/or Remote Desktop.

Recommended Actions:  Windows system managers and support personnel are encouraged to read the advisory if they know or presume their machines use the RDP protocol. Included in the resources section of this alert is a link to the Microsoft RDP FAQ to help system administrators determine if RDP is enabled, etc.

ITS Actions:  Current reports of scan/exploit activity on various Internet monitoring sites do not indicate a significant outbreak of activity associated with this threat. If a sizable uptick in activity is observed, ITS Telecommunications may block the TCP port associated with RDP (port 3389) at the University Internet connection. An update will be issued if this action is taken.

Resources:
Security Advisory 904797
RDP FAQ

University at Albany homepage