Windows Remote Desktop May Let Remote Users Crash the System

Thread: Windows Remote Desktop May Let Remote Users Crash the System

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055

    Windows Remote Desktop May Let Remote Users Crash the System

    From Zone-H.org:

    08/04/2004

    Description: A denial of service vulnerability was reported in the Windows Remote Desktop service in Windows XP and Windows 2003. A remote user can cause the target system to crash in some cases.

    Nick Lowe reported that on systems with Remote Desktop enabled, a remote user can hold down the Windows Key and the "U" key simultaneously and continuously at the login prompt to cause the target system to crash. The key sequence reportedly causes the target system to continually load the Windows utility manager, which will terminate if another instance is detected. However, it is reported that on some systems, instances of Windows utility manager can be loaded more quickly than they are terminated, causing all available memory to be consumed.

    According to the report, Windows XP SP2 appears to be not vulnerable. Also, higher-performance systems are not affected.

    Impact: A remote user may be able to cause the target system to crash.

    Solution: No solution was available at the time of this entry.

    Vendor URL: www.microsoft.com/technet/security/

    Cause: Resource error, State error

    Underlying OS: Windows (2003), Windows (XP)

    Reported By: "Nick Lowe" <15320@oakham.rutland.sch.uk>
    And here's some more information.
    Space For Rent.. =]

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Do you mean to say that people actually leave that service running?

    And why the hell an ordinary user would also want or need Remote registry service.. there is another accident waiting to happen..

    Spyder32.. sry.. Thanks for the info


    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    Member
    Join Date
    Jul 2004
    Posts
    60
    That's a problem I think I'm going to have to go tell the server guys about now...

    lol

    We use remote desktop on the servers

  4. #4
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Remote desktop is the fastest remote tool for Windows from my perspective. It's pretty secure as well. I tried this on my test server with no crash. It is NOT enabled by default anyway so those affected are actively using it as a tool to manage networks at the same risk level as other remote tools.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    In Win2K the Utility Manager is listed as a service, which can be disabled, however, in Win2003 server it is called something else (apparently) because I don't see the service listed.

    "And why the hell an ordinary user would also want or need Remote registry service.. there is another accident waiting to happen.."
    Agreed old buddy but even with RRS disabled, this problem still exists.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Yeah, we use it here too. I've even downloaded RDC to Windows 2000 machines because I like it much better than terminal services. Thanks for the heads-up Spyd.

  7. #7
    Member
    Join Date
    May 2004
    Posts
    33
    This seems like a race-conditions sort of exploit: most of the time XP will be able to load the utility manager before the next utility manager request can come in (and therefore close the existing one before spawning another).
    But if it's an especially slow or overworked server, I imagine several requests for the utility manager could be made before the program is actually loaded, allowing the user to spawn processes endlessly.
    I couldn't get this to work on my systems, and I wouldn't imagine that it works on most XP servers unless they're especially overworked.
    Any other interpretations of the mechanics behind this exploit?
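
For anyone who wants to watch for the behaviour the advisory describes (Utility Manager being launched faster than its instances exit), here is a burst detector over process-creation records. It is an added example, not code from the thread or from Zone-H. It assumes process-creation records have been exported one per line as "timestamp host image_path"; that format, the host names, the 1-second window and the threshold of 5 are illustrative assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

UTILMAN = r"C:\WINDOWS\system32\utilman.exe"  # Utility Manager binary

def make_sample_log():
    """Constructed process-creation records: 'timestamp host image_path'."""
    base = datetime(2004, 8, 4, 10, 15, 0)
    lines = [f"{base.isoformat()} TS01 C:\\WINDOWS\\system32\\winlogon.exe"]
    # TS01: 12 launches 100 ms apart, as a held key with auto-repeat would cause.
    for i in range(12):
        ts = base + timedelta(milliseconds=500 + 100 * i)
        lines.append(f"{ts.isoformat()} TS01 {UTILMAN}")
    # TS02: two launches a minute apart (ordinary accessibility use).
    for i in range(2):
        lines.append(f"{(base + timedelta(minutes=i)).isoformat()} TS02 {UTILMAN}")
    return "\n".join(lines)

def parse(log_text):
    """Return sorted (timestamp, host, lower-cased image file name) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, host, image = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), host, image.rsplit("\\", 1)[-1].lower()))
    return sorted(events)

def find_spawn_bursts(events, image="utilman.exe",
                      window=timedelta(seconds=1), threshold=5):
    """Alert once per host each time `threshold` launches fall inside `window`."""
    recent = defaultdict(deque)  # host -> launch times still inside the window
    alerting = set()             # hosts whose current burst was already reported
    alerts = []
    for ts, host, name in events:
        if name != image:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) < threshold:
            alerting.discard(host)
        elif host not in alerting:
            alerting.add(host)
            alerts.append((host, q[0], len(q)))
    return alerts

if __name__ == "__main__":
    for host, start, count in find_spawn_bursts(parse(make_sample_log())):
        print(f"{host}: {count} utilman.exe launches within 1 s starting {start}")
```

Tune the window and threshold to the host: the thread suggests the pile-up only happens on slow or heavily loaded machines, so those are the ones where a low threshold is worth the noise.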
