Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Batch of XP SP2 Holes

Posted by CowboyNeal on from the yet-again dept.

terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks."

11 of 274 comments (clear)

  1. Re:Firewall too? by minus_273 · · Score: 3, Informative

    windows firewall opens a port for rdesktop by default

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace
  2. Re:I Never Use Remote Desktop by Anonymous Coward · · Score: 2, Informative

    Remote Desktop is actually cool as hell. It is by far the best remote terminal service of any OS I've used.

    It is also just about the only legitimate reason to buy (or otherwise own) Windows XP over Windows 2000.

    And finally, it is also... guess what... turned off by default.

    Move along, nothing to see here...

  3. don't use the standard RDC Port by Anonymous Coward · · Score: 5, Informative

    I use Remote Desktop quite often, it can be very useful and it's more transparent and efficient than PcAnywhere.

    What i do is change the port that RDC uses, from the standard 3389 to a unique port. To do this, go to registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\TerminalServer\WinStations\RDP-Tcp\PortNumber
    change the decimal value, and reboot.

    1. Re:don't use the standard RDC Port by myrdred · · Score: 2, Informative

      While you are correct that a human hacker would still be able to find out what port RDC is running on, and then proceed exploit it (if there is an exploit), changing the port will still protect from automated worms that would just go for port 3389 and try to do their exploits.

  4. Re:Firewall too? by kayen_telva · · Score: 2, Informative

    no, it does not
    well, kind of

    it opens a port for remote desktop IF you enable remote desktop.

    so, the question is, does this exploit affect xp sp2 if rdp has never been enabled ?

  5. DOS-attack by jiushao · · Score: 4, Informative
    No need to blow this out of proportion; from the article:

    In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.

    I know Slashdot loves to hold Microsoft to golden standards, but a DOS-attack in a not overly important desktop daemon is hardly huge news. At the very least it happens to a lot of OS's a lot of the time.

  6. Good news, it does. by fbartho · · Score: 2, Informative

    Actually, it does have a port option. syntax: ipaddress:port just put a colon in, the same as when you access any webservices not running on port 80

    --
    Gravity Sucks
  7. Re:Unrealistic... by Not_Wiggins · · Score: 2, Informative

    Blocking every port from 1024-65555 is unrealistic...
    In fact, if you use passive FTP to download anything from the internet, if you use MSN Messenger to transfer files or view webcams, if you transfer files by DCC via an IRC client... or use any other application which is not port range specific.
    This means that anytime you need to do such thing you have to manually open wide 1024-65535 ports and go back to normal mode after.

    You're forgetting that a lot of these firewalls have stateful connections... meaning, if you originate a connection out (such as with passive FTP... you're told which port to connect to), it automatically is allowed back in in response.

    And for services that require that you have ports open and back to the particular computer (active ftp, eMule, the webcam stuff, etc), a lot of the modern firewalls also include support for Port Triggering. Basically, if you specify the ports you'll want to use in the firewall, it can automatically forward that range of ports to whichever internal computer "triggers the port forwarding." This means, you can use eMule... then your roomate can use it after just by hitting the firewall trigger. An example of how this might look on a somewhat typical home firewall is here: D-Link firewall.

    And if that sounds complicated, it is no more complicated then having to tell the Windows firewall to allow those same connections into the computer.

    The home hardware firewall is very easy to use... and the parent stated, there's no reason for everyone to have one. Heck, even my 60 year-old mom uses one. 8)

    --
    Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
  8. Re:Hardware Firewall by X0563511 · · Score: 2, Informative

    Sounds like you need to break in and teach his ass a lesson.

    Start with changing his wallpaper to a large font message saying "YOUR A DUMBASS! YOU CALL THIS SECURITY? SCREW YOU !"

    Leave it alone for a few weeks, see if he tries to change his ways. If not, keep the torment going. Hidden VNCs are nice.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  9. Re:Firewall too? by Cruithne · · Score: 2, Informative

    When you turn RD on in windows, it automagically opens the required port (3389) with windows firewall for you.

  10. Re:Who the fuck... by baadger · · Score: 2, Informative

    Running Windows 2000 myself and I use Kerio Personal Firewall 2.15, the last firewall in the 2.x series and the last "personal firewall" from Kerio I can tolerate.

    It has some major issues, don't use the remote access for one. But it's a decent suppliment to the Windows Firewall on open source project was planned to build an open source clone, unfortunately it seems to be going nowhere.

    Failing that, Sygate is a good choice.