Re: Please install MS05-041 if you are running Remote Desktop expo

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I've experienced the same problem after installing MS05-041 on a domain
controller. A Netmon comparison with an unpatched server shows that the
patched server is sending a packet with a TCP reset flag at the point where
the connection would otherwise begin normally.

Since the RDP protocol is almost entirely undocumented our only solution to
this problem seems to be to remove the patch and begin deploying IPSEC to
avoid the potential DOS; does anyone have any solution to this problem or
know whether the patch is to be recalled? What would be *extremely* useful
would be some sort of debugging flag for TS connections.

Thanks-

James Ervin
Chapel Hill, NC

"anderscandell@xxxxxxxxx" wrote:

> A little warning though. I installed the patch on my Windows 2003 SP1
> server, and after a reboot the remote desktop didn't work anymore.
> After uninstalling the patch, it was fine again.
> I have changed the port for the remote desktop listener, which might
> have something to do with this but you would think that MS have tested
> this before releasing the patch.
>
>
> Bill Sanderson wrote:
> > http://www.microsoft.com/technet/security/bulletin/MS05-041.mspx
> >
> > Yesterday was the day Microsoft released security patches for August.
> >
> > Among them was this patch which involves a Denial of Service (DOS) exploit
> > against Remote Desktop.
> >
> > Previous to this release, the details of the vulnerability were not public.
> > They are now, as I understand it.
> >
> > Several of the security patches for this month may be much more significant
> > than this one since they involve remote code execution, but if you are
> > running RDP, youi should get this one in place to avoid future problems, I
> > believe.
> >
> > --
>
>
.

Relevant Pages