Re: Please install MS05-041 if you are running Remote Desktop expo
- From: "James Ervin" <JamesErvin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Aug 2005 10:59:01 -0700
Bill-
I thought I would pass along this tip--we rebooted one of the affected
domain controllers again, and the problem resolved itself. This leads me to
believe that it might be possible to resolve the problem by deleting the
default RDP-Tcp connection object and re-creating it in the Terminal Services
Configuration MMC, but we haven't tested to verify this--also, that process
might require a reboot anyway, in which case recreating the connection would
be redundant.
Our DCs are Windows 2003 Enterprise Edition, SP1. The problem does not apear
to be related to encryption; we can now switch between the
"client-compatible" and "high" modes without difficulty.
It would still be nice to have this addressed in the patch documentation if
it is a necessary step for domain controllers.
James Ervin
Chapel Hill, NC
"anderscandell@xxxxxxxxx" wrote:
> For the record, my server is also a domain controller.
>
> /Anders
>
> James Ervin skrev:
>
> > I've experienced the same problem after installing MS05-041 on a domain
> > controller. A Netmon comparison with an unpatched server shows that the
> > patched server is sending a packet with a TCP reset flag at the point where
> > the connection would otherwise begin normally.
> >
> > Since the RDP protocol is almost entirely undocumented our only solution to
> > this problem seems to be to remove the patch and begin deploying IPSEC to
> > avoid the potential DOS; does anyone have any solution to this problem or
> > know whether the patch is to be recalled? What would be *extremely* useful
> > would be some sort of debugging flag for TS connections.
> >
> > Thanks-
> >
> > James Ervin
> > Chapel Hill, NC
> >
> > "anderscandell@xxxxxxxxx" wrote:
> >
> > > A little warning though. I installed the patch on my Windows 2003 SP1
> > > server, and after a reboot the remote desktop didn't work anymore.
> > > After uninstalling the patch, it was fine again.
> > > I have changed the port for the remote desktop listener, which might
> > > have something to do with this but you would think that MS have tested
> > > this before releasing the patch.
> > >
> > >
> > > Bill Sanderson wrote:
> > > > http://www.microsoft.com/technet/security/bulletin/MS05-041.mspx
> > > >
> > > > Yesterday was the day Microsoft released security patches for August.
> > > >
> > > > Among them was this patch which involves a Denial of Service (DOS) exploit
> > > > against Remote Desktop.
> > > >
> > > > Previous to this release, the details of the vulnerability were not public.
> > > > They are now, as I understand it.
> > > >
> > > > Several of the security patches for this month may be much more significant
> > > > than this one since they involve remote code execution, but if you are
> > > > running RDP, youi should get this one in place to avoid future problems, I
> > > > believe.
> > > >
> > > > --
> > >
> > >
>
>
.
- References:
- Please install MS05-041 if you are running Remote Desktop exposed to the Internet
- From: Bill Sanderson
- Re: Please install MS05-041 if you are running Remote Desktop exposed to the Internet
- From: anderscandell
- Re: Please install MS05-041 if you are running Remote Desktop expo
- From: James Ervin
- Re: Please install MS05-041 if you are running Remote Desktop expo
- From: anderscandell
- Please install MS05-041 if you are running Remote Desktop exposed to the Internet
- Prev by Date: Re: Please install MS05-041 if you are running Remote Desktop expo
- Next by Date: Re: PPTP VPN Classful Routing
- Previous by thread: Re: Please install MS05-041 if you are running Remote Desktop expo
- Next by thread: Remote off the same router
- Index(es):
Relevant Pages
|
