TS - vulnerabilities?
Results 1 to 9 of 9

Thread: TS - vulnerabilities?

  1. #1
    Senior Member
    Join Date
    Apr 2004

    Question TS - vulnerabilities?

    Hope I'm not starting something already covered, but I couldn't find anything specific about what I want an answer to...

    A bunch of places (including my work) won't allow to have any servers running MS Terminal Services. I think myself it is the best and easiest way to do remote administration.
    A lot of people say it has too many vulnerabilities, but when asking for specific ones, they can't name any, just general stuff like, well... it's made by Microsoft.. !

    Anyone out there who knows anything about any specific vulnerabilities with MS Terminal Services?! Can you actually hack in to a server with TS running??


    ps. Good answers will be well rewarded!

  2. #2
    Senior Member
    Join Date
    Feb 2005
    AFAIK, most terminal service bugs have been fixed since SP2. However, it has a horrible trail of having VERY damaging exploits attached to it. Thus, the chances of it ending up being exploited in the future are very high.

    Here are a few examples. Even though some are old, it shows what I mean and explains why most admins won't allow Terminal Services on servers:


    Keep in mind that Terminal Services is part of the OS in terms of allowing remote administration connections, and thus it's very nature is allowing people on the outside to have complete control over said machine. Here is a link that talks in specific about the insecurities of Terminal Services and what possibilities you have towards securing them:


    Granted, it doesn't erase it's bad record of horrible past vulnerabilities. But now you know why. If you are interested in secured remote administration with a GUI interface, look into RealVNC. It's free, offers password connection protection and all the basic bangs and features. IIRC, the paid version also allows the entire connection to be encrypted.

    \"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
    - Charles Darwin

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Any account that has access to this service should have a VERY strong "passphrase" which should be changed often. There are a couple of threads here discussing these.

    users and their passwords are your weakest link.

    >edit< also...keep that TS machine patched and up to date...and that goes for the machine that you use to TS in from also
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Senior Member
    Join Date
    Apr 2004

    Thumbs up

    Very good and quick answer!!
    Thanks a lot guardian alpha!

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North
    If you do a search on SecurityFocus BUGTRAQ you will get the following:

    Results for Terminal Services 1 to 15 of 144 results.
    Now many on them may already be patched, but it may be a place to start looking.


  6. #6
    Senior Member
    Join Date
    Apr 2004
    Thanks for all the quick and good replies!
    I do see why it may be considered a weak protocol to use, looking at the history.
    But is there anything current? Anyone knows an exploit or a vulnerability that currently can hack in to Win2003/Win2000 server with latest patches?

    Like Morganlefay said, users and their passwords are always a weak link, but that can be fixed with the right policies. Like lock the account out after like 5 tries, if somebody tries to run a password script or something...

    I could always change the port from 3389 to anything else as well...

    You can also make it to only allow for 128 bits encryption as well.

    Seems to me if there are no currently known vulnerabilities you can make it pretty well secure!?

    Thanks again!!

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Always force the high encryption for starters. Having good strong passwords on the accounts that can TS into the box and good password policies in place is a must as well. Also, don't merely open the port on your firewall to anyone out there, lock it down to a specific IP or set of authorized IPs. For example, open the port to your office IP only. Then VPN into your office and TS to the remote box. Might seem a bit of a run-around rather than TS'ing straight into the box, but it provides another "layer to the onion" so to speak.
    just making some minor adjustments to your system....

  8. #8
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    And here I was, when reading the title on the page for this thread, thinking you were talking about TeamSpeak!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    This is why we _only_ allow a TS connection _after_ a proper VPN authentication... Thus it is double authenticated and double encrypted from the start... This is why we monitor/log all VPN connection attempts and all TS attempts....

    Vorlin: I thought it was talking about my love of cute women with long legs, wonderful eyes and those other "items" that make a man go "OUCH... so nice it hurts!"....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts