XP At Risk From DoS

Microsoft has issued a security advisory warning that XP users could be at risk from a DoS due to a vulnerability in Remote Desktop Protocol (RDP).

The vulnerability was discovered by security researcher Tom Ferris of SP (security-protocols) Research Labs. In a post on the Security-Protocols site, “badpack3t” wrote that they notified Microsoft about the flaw in May and allegedly were told that a patch would be out for it by August. SP Research Labs did not disclose the details of how to exploit the flaw nor did they provide proof of concept code along with their website posting.

In the advisory, Microsoft said the vulnerability was responsibly reported to Microsoft originally, but the finder chose to publish the details of the vulnerability publicly before a fix was available.

“The concern with this behavior is that it poses risk for customers. Microsoft continues to encourage the commonly accepted practice of reporting vulnerabilities to the vendor first so that customers can receive high-quality and fully tested fixes without being exposed to malicious hackers while a fix is in development,” the advisory continued.

The flaw, as described by SP Research, is a “remote kernel DoS flaw within Microsoft Windows XP SP2 fully patched, with the firewall on.”

In its advisory, Microsoft admitted that its own “initial” investigation showed that the DoS flaw could be triggered by an attacker using a specially crafted Remote Desktop Protocol (RDP) request. Microsoft noted that its investigation has shown that the vulnerability does not lead to a system takeover, only to a DoS.

Microsoft’s RDP allows for remote desktop management. It is currently enabled by default on Windows XP Media Center Edition and is available as an option on other versions of XP, Windows 2000 and Windows Server 2003.

Pending the completion of a full investigation, Microsoft noted it would issue a patch, if required, during its monthly patch update, or out of cycle if that was merited.

Last Tuesday was Microsoft’s regular monthly patch day, in which three critical vulnerabilities were plugged.
