AFAIK, most terminal service bugs have been fixed since SP2. However, it has a horrible trail of having VERY damaging exploits attached to it. Thus, the chances of it ending up being exploited in the future are very high.
Here are a few examples. Even though some are old, it shows what I mean and explains why most admins won't allow Terminal Services on servers:
http://cert.uni-stuttgart.de/archive.../msg00009.html
http://securityresponse.symantec.com...tent/2311.html
http://www.securityfocus.com/bid/3541/info/
http://www.securiteam.com/windowsntf...QP0M2A4UI.html
Keep in mind that Terminal Services is part of the OS in terms of allowing remote administration connections, and thus it's very nature is allowing people on the outside to have complete control over said machine. Here is a link that talks in specific about the insecurities of Terminal Services and what possibilities you have towards securing them:
http://www.windowsecurity.com/articl..._Services.html
Granted, it doesn't erase it's bad record of horrible past vulnerabilities. But now you know why. If you are interested in secured remote administration with a GUI interface, look into RealVNC. It's free, offers password connection protection and all the basic bangs and features. IIRC, the paid version also allows the entire connection to be encrypted.
http://www.realvnc.com/
Reply With Quote