Flawed Patch Pulled by Microsoft

Microsoft Corp. late Thursday pulled a patch for a security vulnerability from its public Web site after system
administrators reported errors loading the patch onto their systems.

After receiving reports of the flawed patch, the Microsoft Security Response Center said it would work to correct problems as
quickly as possible.

“We’re sorry for any inconvenience and have since pulled the patch from the public Web site,” the center said.

The company posted the patch Thursday, along with a bulletin detailing a flaw in the implementation of the Remote Data Protocol
(RDP) in the terminal service in Windows NT 4.0 Terminal Server Edition and Windows 2000 Server, Windows 2000 Advanced Server and
Windows 2000 Datacenter Server.

Microsoft described the flaw as a moderate risk. It opens the door for a potential denial of service on systems that have been
configured as terminal servers, which are typically deployed as intranet servers. The flaw does not allow for system breaches; an
attacker could cause a terminal server to fail, causing work in progress to be lost, but could not add, change or delete data on
the server.

RDP is the protocol Windows terminal servers and clients use to communicate with each other. Clients use it to send keystroke and
mouse-click information to the server, and the server uses it to send display information to clients. Microsoft said the flaw arises
when a precise series of packets is sent to a certain port in a specific order that cannot be generated as part of a normal
terminal server session.

Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server are all capable of being configured to provide
terminal services, but terminal service is not installed or running by default in any of them.

Microsoft said servers that fail as a result of exploiting this flaw can be rebooted without incident.
