Microsoft admits DoS flaw
p2pnet.net News:- Microsoft admits there’s a serious hole in its Remote Desktop Services that could allow hackers to launch Denial of Service (DoS) attacks on computers running XP and other software.
It’s now aggressively investigating new public reports of the flaw, which it promises wouldn’t allow an attacker to actually take control of the system.
It warns that Remote Desktop is enabled by default on Windows XP Media Center Edition, although services using RDP aren’t enabled by default.
Affected are:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft says suggested work-arounds include:
- Block TCP port 3389 at the firewall.
- Disable Terminal Services or the Remote Desktop feature if they’re not required.
- Secure Remote Desktop Connections by using an IPsec policy.
- Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection.
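
An added example, not part of the article or of Microsoft's advisory: one way to confirm from the network side that the first two workarounds took effect on an inventory of your own hosts. A refused connection is what a disabled service looks like, and a silent timeout is what a firewall drop looks like. The names `rdp_exposure`, `audit` and `demo` are hypothetical.

```python
import socket

RDP_PORT = 3389  # TCP port named in the workaround list above


def rdp_exposure(host, port=RDP_PORT, timeout=2.0):
    """Classify the outcome of a TCP connect to the RDP port.

    open     -> handshake completed; a listener is reachable on this path
    closed   -> connection refused; host answers but nothing is listening
    filtered -> no reply before the timeout, or an unreachable error;
                consistent with a firewall dropping the traffic
    error    -> the host name could not be resolved
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "error"
    except OSError:  # includes socket.timeout
        return "filtered"


def audit(hosts, port=RDP_PORT, timeout=2.0):
    """Return {host: state} for every host in the inventory."""
    return {h: rdp_exposure(h, port, timeout) for h in hosts}


def demo():
    """Constructed check: a loopback listener on an ephemeral port stands in
    for an RDP service, so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    before = rdp_exposure("127.0.0.1", port)  # listener present
    srv.close()
    after = rdp_exposure("127.0.0.1", port)   # listener gone
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run `audit()` from outside the firewall to test the port block and from inside to test whether the service itself is disabled; any host that still reports `open` from outside has neither workaround in effect on that path.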





July 18th, 2005 at 11:33 pm
Looks like you forgot to post the source of this flaw:
http://security-protocols.com/modules.php?name=News&file=article&sid=2783
July 18th, 2005 at 11:34 pm
Looks like you forgot to post the source of this flaw:
Tom Ferris
SP Research Labs
http://security-protocols.com/modules.php?name=News&file=article&sid=2783
July 19th, 2005 at 5:10 am
Seems like every few days a new flaw or hole is exposed as a possible hack. It goes on and on seemingly without letup.
I have read reports of many flaws that have been reported yet microsucks didn’t want to do anything about them, as they went on for several years before addressing the issue. Something is seriously wrong with a corporation depending on the good will of the customer and yet refuses to grant the security it takes to ensure the customer is satisfied. That wrong is greed.
It is on both sides of the issue. Microsucks we can understand I think. It is about how much can be pulled in out of your pocket. Rather than fix the security hole, how about they sell you a program to do that? Maybe call it spyware remover or something. While they are at it they can sell businesses a premade program to check in users’ computers to see what they are interested in this year. Perhaps they can call that a spy program. Then let’s see, maybe a trojan remover, or an antivirus remover?
I think you get the picture.
July 19th, 2005 at 3:45 pm
you demonstrate a basic lack of understanding when it comes to writing software….
ever wonder how we have Redhat version 13 (ent4 after RHL 9) Mac OSX (10), Debian 3…
Basically, no OS (it seems no matter who makes it) is perfect or bug free, but with each new patch/service pack/version release the OS does come a long way closer to becoming bug free.
If you are so Anti Micro$ucks why not switch to using Linux?
then you can pay £1500 for a server OS with support for 1 year of updates.
then you could perhaps buy another £1500 for the next year…
or you can stay with Microsoft, pay £300 for the server and receive limitless updates for life…
July 19th, 2005 at 8:54 pm
I realize that bugs come with new software. It is hardly surprising as many of the bugs are the result of combinations of different software and not the code for the original program. Those can hardly be tested to their full extent prior to release and that isn’t the issue I speak of.
As for switching to Linux, what do you think I am writing this on? It sure isn’t microsucks, I can promise you that. Since I am not running business servers I have little need for server support. It is strange though that over 70% of the hosts of websites around the world run Apache. Could it be to do with security issues?
What is the issue is that many of the security holes in Windows are purposely done. That rather than fix the code so that it is tighter isn’t the goal of Microsucks. Microsucks’ goal is how much money they can pull in. They do so by purposely exploiting those holes rather than fix them if they don’t have to. So they will be more happy to sell you a cure than fix the source of the problem. In many cases they are well aware of those holes for several years and those holes go without cures until absolutely necessary. In contrast, security patches are issued rather fast in Linux and on the whole they are effective at the start.
The main reason that Microsucks is pricing its server costs so low is to try and do the same thing it has done with the OS for personal use. Try and take over the market. Charging full value isn’t appropriate till they have the market sewed up. That is one reason the OS is so expensive now. One would think that with greater use would come a bit cheaper prices. However with Microsucks it doesn’t work that way. The newest release of an OS creates a never-ending source of revenue for them and they release every few years a new modified OS which keeps the money flowing in. Running MS products is no cost saver when you also wind up needing to purchase firewall, antivirus, antispyware, and anti this and that. Better to have a more secure code and not need it all.