Vulnerability Note VU#490628
Microsoft Windows Remote Desktop Protocol service input validation vulnerability
An input validation error in the Microsoft Remote Desktop Protocol (RDP) service may allow a remote attacker to cause a denial-of-service condition.
Microsoft describes the Remote Desktop Protocol (RDP) as follows.
RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data.
The RDP service is not enabled by default on Microsoft Windows, but may be enabled if the following components are installed and running:
This vulnerability allows unauthorized, remote attackers to crash a system running the RDP service resulting in a denial-of-service condition.
Apply An Update
Microsoft has addressed this issue in Microsoft Security Bulletin MS05-041.
Microsoft recommends the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors.
Disabling Terminal Services, Remote Desktop, Remote Assistance, and Windows Small Business Server 2003 Remote Web Workplace may reduce the risk of exploitation.
Block port 3389/tcp at the perimeter:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||09 Aug 2005|
CVSS Metrics (Learn More)
This document was written by Jeff Gennari and Will Dorman
- CVE IDs: CAN-2005-1218
- Date Public: 14 Jul 2005
- Date First Published: 09 Aug 2005
- Date Last Updated: 06 Sep 2005
- Severity Metric: 16.12
- Document Revision: 65
If you have feedback, comments, or additional information about this vulnerability, please send us email.