Media Center PCs prone to new DoS attack flaw
Microsoft has issued a security advisory over a flaw discovered in Remote Desktop Services, a component of Windows found in versions of Windows XP, Windows Server 2003 and Windows 2000.
The vulnerability, described in advisory number 904797, could enable a limited denial of service attack – it can be exploited to cause the Windows system to crash via a specially crafted RDP (Remote Desktop Protocol) request.
This protocol, which is used by Terminal Services, for example, lets users open a virtual session on their desktop computer and access its data and applications from another computer.
The advisory is of most relevance to Media Center PCs, because other versions of Windows have the service disabled by default, reports Secunia, the provider of IT security services. Other mitigating factors are that an attacker could not use the vulnerability to take complete control of a PC, and standard firewall setups should inhibit such attacks.
Secunia has published a report on the flaw, which was first reported by network security specialist Tom Ferris.
Secunia rates the flaw as ‘Moderately Critical’.
At the time of writing, Microsoft is unaware of any attack involving this potential flaw. While it is still investigating, it is also currently keeping its options open as to whether an individual fix will be released or whether it will be dealt with in its next scheduled monthly bulletin, which is due to appear on 9 August.