Slashdot Mirror


New Batch of XP SP2 Holes

terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks."

14 of 274 comments

  1. Hardware Firewall by ForumTroll · · Score: 4, Insightful

    Seriously people they're cheap as hell and much superior to anything you're going to get from Microsoft on a software level. Just close all ports on the hardware firewall, except the few that you need, and try to keep your computer updated. It's really a very simple process and can save you tons of time in the end.

    --
    "A Lisp programmer knows the value of everything, but the cost of nothing." - Alan Perlis
    1. Re:Hardware Firewall by awkScooby · · Score: 4, Insightful
      A hardware firewall is good advice for a home user, but isn't as good a solution for a big company or university where Remote Desktop is used as a support tool. Sure, there will be corporate firewalls which protect desktops from the Internet, and maybe even from some other internal networks, but all it takes is one worm on someone's laptop to bypass the corporate firewall(s).

      I'm curious as to whether 3rd party software firewalls for windows are impacted by this or not. If not, then this hole (and others which are likely to follow) would provide a good justification for purchasing and deploying a 3rd party solution.

  2. Firewall too? by peawee03 · · Score: 4, Interesting

    Isn't a firewall supposed to block incoming connections unless specifically allowed? So how can this flaw with RD still affect it with the firewall turned on? TFA doesn't make much of a mention of this.

    --
    I wish I could write clever and witty sigs.
  3. Other implementations of RDP by morgan_greywolf · · Score: 5, Interesting

    Does this perhaps affect other implementations of RDP, like the one included with Gnome?

  4. don't use the standard RDC Port by Anonymous Coward · · Score: 5, Informative

    I use Remote Desktop quite often, it can be very useful and it's more transparent and efficient than PcAnywhere.

    What I do is change the port that RDC uses, from the standard 3389 to a unique port. To do this, go to registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
    change the decimal value, and reboot.

    1. Re:don't use the standard RDC Port by lheal · · Score: 4, Insightful

      That's not even a first line of defense. OK, so you get past people scanning your whole /16 for open port 3389. But

      nmap -v -sV -O your.box.net
      will reveal that port running RDC on your.box.net the same as if it were on the default 3389.

      Keep in mind that unusual results draw more attention. You want to be invisible, or at least, to look like as many others as possible.

      --
      Raise your children as if you were teaching them to raise your grandchildren, because you are.
    2. Re:don't use the standard RDC Port by tyler_larson · · Score: 4, Insightful
      That's not even a first line of defense.

      Actually, it's a wonderful first line of defense. In fact, it's a wonderful procedure to follow for all remote access (if possible) because of two main reasons:

      First, you're safe from worms. That's not an insignificant thing. The vast majority of all attacks (especially against Windows boxes) are perpetrated through some automated process--worms or other malware. These programs generally don't waste time doing in-depth scans of computers. If you're configured differently than the rest of the flock, you're not worth the time.

      Second, you're safe from casual portscans. My own servers are scanned at least 20 times a day, and often over a hundred. To save time, these scans only hit the "interesting" ports. If you don't look immediately interesting, you'll just be passed by.

      That whole bit about keeping the default setup to avoid extra attention is a bunch of BS. There's nothing terribly suspicious about running a service on a non-standard port. Furthermore, it doesn't matter how interesting or uninteresting a host appears. If your configuration is exploitable, you'll be exploited when discovered. And if you look just like everyone else, well then everyone else will be exploited too.

      There is no strength in numbers, and there is no real strength in solitude. But if you can avoid detection, then you've avoided an attack. That's like hiding your valuables to avoid theft: It's not a reliable defense, but it's simple and works often enough to make for a reasonable precaution.

      --
      "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
      RFC 1925
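
Added example (not part of any comment in this thread): the point debated in thread 4, that a version scan identifies Remote Desktop on whatever port it listens on, follows from the protocol's fixed first exchange, which an administrator can use to audit their own machines for RDP listeners on non-standard ports. The function names and sample replies are constructed for illustration.

```python
import socket
import struct

# Values of requestedProtocols / selectedProtocol in the RDP negotiation structures
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)"}

# Constructed sample replies (not captured from any real host)
SAMPLE_NLA = bytes.fromhex("030000130ed00000123400021f080002000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"

def build_connection_request(requested=0x03):
    """TPKT + X.224 Connection Request carrying an RDP negotiation request."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)   # type, flags, length, protocols
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def classify_reply(data):
    """Describe an X.224 Connection Confirm; return None for anything else."""
    if len(data) < 11 or data[0] != 3:                # TPKT version is always 3
        return None
    (length,) = struct.unpack(">H", data[2:4])
    if length > len(data) or data[5] & 0xF0 != 0xD0:  # 0xD0 = Connection Confirm
        return None
    if length < 19:
        return "RDP (no negotiation data, legacy server)"
    neg_type, _flags, _len, value = struct.unpack("<BBHI", data[11:19])
    if neg_type == 0x02:                              # RDP_NEG_RSP
        return "RDP, selected " + PROTOCOLS.get(value, hex(value))
    if neg_type == 0x03:                              # RDP_NEG_FAILURE
        return "RDP, negotiation failure code %d" % value
    return "RDP (unrecognized negotiation data)"

def check_port(host, port, timeout=3.0):
    """Send the request to one port of a host you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request())
        return classify_reply(s.recv(64))

if __name__ == "__main__":
    for name, reply in [("nla", SAMPLE_NLA), ("legacy", SAMPLE_LEGACY), ("ssh", SAMPLE_SSH)]:
        print(name, "->", classify_reply(reply))
```

Because the reply is recognizable from its first bytes, changing the port number alone does not change what a listener reveals; restricting who can reach the port does.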
  5. Heh by mcc · · Score: 4, Funny
    The software maker's confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker "badpack3t."
    I'm sorry, I can't read past that point in the article. I'm laughing too hard.
  6. An entirely new approach by AtariAmarok · · Score: 4, Funny

    It has been years now, and Microsoft's solution to plugging this has never worked. How about an entirely new approach?

    --
    Don't blame Durga. I voted for Centauri.
  7. Re:This is news-worthy because...? by lakcaj · · Score: 5, Funny


    You must be new here.

  8. Monty Python's Crashing Windows by PakProtector · · Score: 4, Funny

    Father: They told me I was daft to build Windows, but I built it anyway! It was full of flaws and suffered horrible exploits.

    Father: So I built another Windows! It was full of flaws and suffered horrible exploits.

    Father: So I built a third Windows. It was full of flaws and suffered horrible exploits and the Remote Desktop Feature could be hijacked causing it to crash.

    Father: So I built a Fourth Windows! And it had DRM! And that's what you're going to be inheriting lad! The most bloated, useless feature, locked-out OS in these here lands!

    Son: But mothe-

    Father: I'm your father!

    Son: But father... I don't want any of that.

    Father: Well what do you want?!

    Son: I want... something... bug free... and... fre-...

    Father: Hey! Hey, now! There'll be none of that!

    --

    Edward@Tomato - /home/Edward/ man woman
    man: no entry for woman in the manual.
    "Qua!?"

    1. Re:Monty Python's Crashing Windows by richie2000 · · Score: 4, Funny
      Couldn't you have him start off with the Free Software Song while the Father jumps in and stops him? :-D

      - One day lad, all this will be yours!
      - Wot, the curtains?
      - No, the Windows!

      --
      Money for nothing, pix for free
  9. Re:Who the fuck... by Tezkah · · Score: 4, Interesting

    I've had too many problems with firewalls from ZoneAlarm, Kerio, etc, especially with them causing XP to hang on boot, skyrocketing memory use, etc, especially compared to the extremely basic windows firewall (I'm behind a router, I don't need much out of a firewall.)

    I work in a call center for a major US ISP. Do you know how often we get people calling in because Norton Internet Security is screwing up? I talked to at least two people personally just yesterday, one couldn't get his email because Norton would cause the connection to the server to close, another lady could open up PORT 80 TO BROWSE THE INTERNET. These people didn't change any settings on NIS, it just caused this on its own. I know that IE isn't secure, but that's a little extreme.

    The XP Firewall hasn't bothered me at all, not a memory hog for something as simple as a firewall, and hasn't caused me any problems, which is more than I can say about ZoneAlarm/Kerio.

    Tell me, what makes it not a real firewall? It blocks ports.

  10. DOS-attack by jiushao · · Score: 4, Informative
    No need to blow this out of proportion; from the article:

    In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.

    I know Slashdot loves to hold Microsoft to golden standards, but a DOS-attack in a not overly important desktop daemon is hardly huge news. At the very least it happens to a lot of OS's a lot of the time.