Slashdot Mirror
New Batch of XP SP2 Holes
terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks."
windows firewall opens a port for rdesktop by default
The war with islam is a war on the beast
The war on terror is a war for peace
Remote Desktop is actually cool as hell. It is by far the best remote terminal service of any OS I've used.
It is also just about the only legitimate reason to buy (or otherwise own) Windows XP over Windows 2000.
And finally, it is also... guess what... turned off by default.
Move along, nothing to see here...
I use Remote Desktop quite often, it can be very useful and it's more transparent and efficient than PcAnywhere.
o l\TerminalServer\WinStations\RDP-Tcp\PortNumber
What i do is change the port that RDC uses, from the standard 3389 to a unique port. To do this, go to registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contr
change the decimal value, and reboot.
no, it does not
well, kind of
it opens a port for remote desktop IF you enable remote desktop.
so, the question is, does this exploit affect xp sp2 if rdp has never been enabled ?
> Remote Desktop is actually cool as hell. It is by far the best remote terminal service of any OS I've used.
I agree, and it's even cooler with this patch.
In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.
I know Slashdot loves to hold Microsoft to golden standards, but a DOS-attack in a not overly important desktop daemon is hardly huge news. At the very least it happens to a lot of OS's a lot of the time.
Actually, it does have a port option. syntax: ipaddress:port just put a colon in, the same as when you access any webservices not running on port 80
Gravity Sucks
Blocking every port from 1024-65555 is unrealistic...
In fact, if you use passive FTP to download anything from the internet, if you use MSN Messenger to transfer files or view webcams, if you transfer files by DCC via an IRC client... or use any other application which is not port range specific.
This means that anytime you need to do such thing you have to manually open wide 1024-65535 ports and go back to normal mode after.
You're forgetting that a lot of these firewalls have stateful connections... meaning, if you originate a connection out (such as with passive FTP... you're told which port to connect to), it automatically is allowed back in in response.
And for services that require that you have ports open and back to the particular computer (active ftp, eMule, the webcam stuff, etc), a lot of the modern firewalls also include support for Port Triggering. Basically, if you specify the ports you'll want to use in the firewall, it can automatically forward that range of ports to whichever internal computer "triggers the port forwarding." This means, you can use eMule... then your roomate can use it after just by hitting the firewall trigger. An example of how this might look on a somewhat typical home firewall is here: D-Link firewall.
And if that sounds complicated, it is no more complicated then having to tell the Windows firewall to allow those same connections into the computer.
The home hardware firewall is very easy to use... and the parent stated, there's no reason for everyone to have one. Heck, even my 60 year-old mom uses one. 8)
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
Wow, that was quite the rant... Just how stupid do you think MS is?
Remote desktop requires authentication. In XP they also have Remote Assistance which is probably based off of Remote Desktop and requires an invite from the user at the console. Remote Desktop works just like logging onto a box - you need to enter your username and password to get a session and do anything. Presumably your user name and password are secure even if they're not q PGP signature (and emailing it? are you serious? At least transfer it over a website with SSL enabled, e-mail is wide open and COMPLETELY INSECURE!)
Finally as many others have mentioned Remote Desktop is not enabled by default (at least in XP SP2, not sure about previous versions).
The fact of the matter is that there are no fundamental flaws in remote desktop. This is simply a bug that has been discovered. Now maybe there will be a stream of similar bugs and then we can all point and laugh at the crap code that is remote desktop but one bug does not make a remote desktop worthy of your rant here.
The article even says that they don't believe this can allow remote code execution so it's very likely this is something as simple as "I can make remote desktop dereference a NULL pointer" - which is really not a big deal unless time shows that remote desktop is more generally broken.
Sounds like you need to break in and teach his ass a lesson.
Start with changing his wallpaper to a large font message saying "YOUR A DUMBASS! YOU CALL THIS SECURITY? SCREW YOU !"
Leave it alone for a few weeks, see if he tries to change his ways. If not, keep the torment going. Hidden VNCs are nice.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
When you turn RD on in windows, it automagically opens the required port (3389) with windows firewall for you.
Running Windows 2000 myself and I use Kerio Personal Firewall 2.15, the last firewall in the 2.x series and the last "personal firewall" from Kerio I can tolerate.
It has some major issues, don't use the remote access for one. But it's a decent suppliment to the Windows Firewall on open source project was planned to build an open source clone, unfortunately it seems to be going nowhere.
Failing that, Sygate is a good choice.