Microsoft Windows Terminal Services vulnerabilities

From: Ben Cohen (bcat_private)
Date: Wed Sep 18 2002 - 04:39:03 PDT

Next message: Bryan Blackburn: "Re: nidump on OS X"

Previous message: Jason A. Fager: "Re: nidump on OS X"
Next in thread: Ben Cohen: "Re: Microsoft Windows Terminal Services vulnerabilities"
Reply: Ben Cohen: "Re: Microsoft Windows Terminal Services vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have just installed Windows XP Pro SP1 and found that the two
vulnerabilities announced earlier in the week have been addressed.  


"Microsoft Windows XP Remote Desktop denial of service" is fixed.

"Microsoft Windows Remote Desktop Protocol checksum and keystroke" is
partially fixed:  Microsoft have altered the protocol to revert to the RDP
4.0 style input packet.  This is a hack rather than a good solution
because it doesn't fix the checksum leakage problem, and it increases
bandwidth again.  Unfortunately, the proper solution would require the 
encryption layer of the protocol to be redesigned.


Ben Cohen
Software Developer
Skygate Technology Ltd.

Next message: Bryan Blackburn: "Re: nidump on OS X"
Previous message: Jason A. Fager: "Re: nidump on OS X"
Next in thread: Ben Cohen: "Re: Microsoft Windows Terminal Services vulnerabilities"
Reply: Ben Cohen: "Re: Microsoft Windows Terminal Services vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 09:02:42 PDT