Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Batch of XP SP2 Holes

Posted by CowboyNeal on from the yet-again dept.

terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks."

11 of 274 comments (clear)

  1. Firewall too? by peawee03 · · Score: 4, Interesting

    Isn't a firewall supposed to block incoming connections unless specifically allowed? So how can this flaw with RD still affect it with the firewall turned on? TFA doesn't make much of a mention of this.

    --
    I wish I could write clever and witty sigs.
    1. Re:Firewall too? by Anonymous Coward · · Score: 1, Interesting

      Why do you expect a firewall to protect a system that runs that firewall?

      Several years ago a friend of mine asked me to reinstall a badly infected WinXP machine, the times of MS Blast storms. I was curious about how well the WinXP built-in firewall can protect the machine for users without hardware firewalls, so I reformatted/reinstalled it offline, turned the firewall On, verified that it does drop packets and doesn't allow telnetting to any port (by turning it Off, telnetting, turning it On, telnetting again). Everything was as tight as it could be on that machine. Then I plugged it in directly, without hardware firewalls, and tried to download updates. In several mins it was blasted out by MS Blast, right through that useless MS firewall (yes, it was still enabled).

      The point is - you can't protect an OS from exploits by a firewall that is being run by that very OS. They are only good to keep installed software from "calling home". If you need to protect your machine from external attacks, the firewall should be between that machine and Internet, and should not allow "bad" packets to reach the machine, at all. Means - a hardware firewall.

      P.S. I reinstalled it again and successfully updated from behind a perimeter router.

  2. Honestly by ZakuSage · · Score: 2, Interesting

    Why would anyone turn Remote Desktop on unless they know specifically that they're going to use it? The very name of it makes it sound like it's a problem waiting to happen. Even though I use Linux, I made a note of making sure any Remote Desktop feature was disabled.

  3. Other implementations of RDP by morgan_greywolf · · Score: 5, Interesting

    Does this perhaps affect other implementations of RDP, like the one included with Gnome?

    --
    My blog
  4. Re:I Never Use Remote Desktop by ForumTroll · · Score: 2, Interesting

    Honestly some of the stuff they have turned on in the default install is just idiotic. I strongly suggest to anyone after installing windows to configure their services because half of the default services are ones they will never need/use. On Windows XP just go to the run box and type in "services.msc" or "msconfig" to configure all your services. IIRC correctly services can be changed the same way for Windows NT and Windows ME (WORST OS EVER).

    --
    "A Lisp programmer knows the value of everything, but the cost of nothing." - Alan Perlis
  5. Re:Hardware Firewall by macaulay805 · · Score: 2, Interesting

    I have been battling with this exact problem for ages with one of my friends. Instead of reformatting/virus cleaning/spyware cleaning he'd rather just buy a whole new computer. He is currently on his 4th computer, but refuses to buy a $10 hardware firewall. These are not the cheap computers we buy and put together either, its the overpriced HP computers. The other reason why I do not want to touch his computer is this: One of my other friends brought over a NAV 9.0 CD and installed it, it detect a virus (unknown to me which one it is at this time), then this friend is no longer allowed at the house because it was the NAV 9.0 CD that was infected, not his unpatched (to this day) Windows XP (non SP anything) non firewalled porn cahce ridden spyware infested computer which contracted the disease before. Funny stuff. This guy, which basically BOUGHT an MCP, believes he is "THE SHIT" of computer techs can't even enable the damn Windows Firewall. Funny stuff, I come around every so often to hear the lunacy of his techness, the proably make a Bash quote or two out of 'em!

  6. Potentially serious... by ninja_assault_kitten · · Score: 2, Interesting

    I say medium at best... 1) Few corporate workstations have RDP enabled.
    2) Few corporate environments allow anonymous access to RDP (or Teminal Services).
    3) RDP isn't enabled on XPSP2 by default to begin with.
    4) There's no reason to believe this vul would allow remote code execution at this point.

  7. Re:Who the fuck... by Tezkah · · Score: 4, Interesting

    I've had too many problems with firewalls from ZoneAlarm, Kerio, etc, especially with them causing XP to hang on boot, skyrocketing memory use, etc, especially compared to the extremely basic windows firewall (I'm behind a router, I don't need much out of a firewall.)

    I work in a call center for a major US ISP. Do you know how often we get people calling in because Norton Internet Security is screwing up? I talked to at least two people personally just yesterday, one couldn't get his email because Norton would cause the connection to the server to close, another lady could open up PORT 80 TO BROWSE THE INTERNET. These people didn't change any settings on NIS, it just caused this on its own. I know that IE isn't secure, but that's a little extreme.

    The XP Firewall hasn't bothered me at all, not a memory hog for something as simple as a firewall, and hasn't caused me any problems, which is more than I can say about ZoneAlarm/Kerio.

    Tell me, what makes it not a real firewall? It blocks ports.

  8. Bugs are good for jobs by msbsod · · Score: 2, Interesting

    Your IT staff loves security holes. It gives them an important task, they get paid and with every patch they install they know the software keeps them busy and employed for a long time. The PC users in your organization or company are also happy, because someone takes care of their PC's. While the PC is down you can even chat an hour with your colleague. And the executives are proud that they have everything under control. Everybody feels good.

  9. Hmm by LooseChanj · · Score: 2, Interesting

    How exactly is this one problem a "batch"?

    --
    Mix the failings of Usenet with the shortcomings of the World Wide Web and the result is slashdot.
  10. Re:I Never Use Remote Desktop by VGPowerlord · · Score: 2, Interesting
    To address the services you explicitly mentioned, while I think Remote Registry being on by default is a Bad Item (tm), the other two have legitimate uses.

    Secondary Login is the Windows equivalent of the su command. I wouldn't recommend removing it. Not all users run with Administrator access. I'm posting this from my gaming machine, a Windows XP machine, as a Limited User.

    Server is part of the SMB networking system. While not useful in a corporate network, it is useful in a Peer to Peer network. As far as I can tell, disabling this is the same as disabling Samba's nmbd.

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011