Microsoft Corp. Monday issued a revised patch for a
flaw in the implementation of the Remote Data Protocol (RDP).
The flaw affected terminal service in Windows NT 4.0 Terminal Server Edition and Windows 2000 Server, Windows 2000 Advanced Server
and Windows 2000 Datacenter Server, opening the door for a potential denial of service on systems configured as terminal servers.
Such systems are typically deployed as intranet servers.
Microsoft published a patch for the flaw on Thursday, Oct. 18, but pulled it on Friday after system administrators
reported errors loading the patch onto their systems.
Microsoft has described the flaw as a moderate risk. It does not allow for system breaches. An attacker could cause a terminal
server to fail — causing work in progress to be lost — but could not add, change or delete data on the server. Servers that fail
as a result of exploiting the flaw can be rebooted without incident.
RDP is the protocol Windows terminal servers and clients use to communicate with each other. Clients use it to send keystroke and
mouse-click information to the server, and the server uses it send display information to clients. Microsoft said the flaw arises
when a precise series of packets are sent to a specific port in a specific order that cannot be generated as part of a normal
terminal server session.
Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server are all capable of being configured to provide
terminal services, but terminal service is not installed or running by default in any of them.
