-
August 4th, 2004, 11:58 AM
#1
Windows Remote Desktop May Let Remote Users Crash the System
From Zone-H.org:
08/04/2004
Description: A denial of service vulnerability was reported in the Windows Remote Desktop service in Windows XP and Windows 2003. A remote user can cause the target system to crash in some cases.
Nick Lowe reported that on systems with Remote Desktop enabled, a remote user can hold down the Windows Key and the "U" key simultaneously and continuously at the login prompt to cause the target system to crash. The key sequence reportedly causes the target system to continually load the Windows utility manager, which will terminate if another instance is detected. However, it is reported that on some systems, instances of Windows utility manager can be loaded more quickly than they are terminated, causing all available memory to be consumed.
According to the report, Windows XP SP2 appears to be not vulneralble. Also, higher-performance systems are not affected.
Impact: A remote user may be able to cause the target system to crash.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/
Cause: Resource error, State error
Underlying OS: Windows (2003), Windows (XP)
Reported By: "Nick Lowe" <15320@oakham.rutland.sch.uk>
And here's some more information.
-
August 4th, 2004, 02:55 PM
#2
do you mean to say that people actualy leave that service running?
And why the hell an ordinary user would also want or need Remote registry service.. there is another accident waiting to happen..
Spyder32.. sry.. Thanks for the info
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 4th, 2004, 02:59 PM
#3
Member
That's a problem I think I'm going to have to go tell the server guys about now...
lol
We use remote desktop on the servers
-
August 4th, 2004, 03:18 PM
#4
Remote desktop is the fastest remote tool for Windows from my perspective. It's pretty secure as well. I tried this on my test server with no crash. It is NOT enabled by default anyway so those effected are actively using it as a tool to manage networks at the same risk level as other remote tools.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
August 4th, 2004, 04:06 PM
#5
In Win2K the Utility Manager is listed as a service, which can be disabled, however, in Win2003 server it is called something else (apparently) because I don't see the service listed.
And why the hell an ordinary user would also want or need Remote registry service.. there is another accident waiting to happen..
Agreed old buddy but even with RRS disabled, this problem still exists.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 4th, 2004, 04:08 PM
#6
Yeah, we use it here too. I've even downloaded RDC to Windows 2000 machines because I like it much better than terminal services. Thanks for the heads-up Spyd.
-
August 4th, 2004, 07:42 PM
#7
This seems like a race-conditions sort of exploit: most of the time XP will be able to load the utility manager before the next utility manager request can come in (and therefore close the existing one before spawning another).
But if it's an especially slow or overworked server, I imagine several reqests for the utility manager could be made before the program is actually loaded, allowing the user to spawn processes endlessly.
I couldn't get this to work on my systems, and I wouldn't imagine that it works on most XP servers unless they're especially overworked.
Any other interpretations of the mechanics behind this exploit?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|