ZDNet UK



XP flaw allows for DoS attacks

Joris Evers, CNET News.com

Published: 18 Jul 2005 09:15 BST


A newly discovered and as yet unpatched security vulnerability in Windows XP could let an attacker remotely crash computers.

The flaw affects the Windows Remote Desktop Service, which lets users access their Windows PC from a remote location. An attacker could remotely exploit the problem to crash a victim's PC, according to a posting on the Security Protocols Web site earlier this week. The user would then see the Windows Blue Screen of Death.

Microsoft knows of the security flaw and is working on a patch, a company representative said on Friday.

"The issue was originally privately reported to Microsoft and we are working on an update that will be released when it is of the appropriate quality," the representative said. "The concern is that this has now gone public, potentially putting customers at risk."

According to the Security Protocols Web site, Microsoft was informed of the problem on 4 May and plans to release a patch as part of its August update cycle. Fully patched Windows XP machines — including those with the Service Pack 2 update and the firewall enabled — are vulnerable, according to Security Protocols.

In its initial review of the bug, Microsoft found that an attacker would not be able to run code on the victim's PC, but the attacker could cause the computer to stop responding, the representative said. Also, only computers that have the Remote Desktop Service enabled are vulnerable, she said. Windows ships with the service disabled, according to Microsoft.

Security researchers at iDefense are also looking into the vulnerability. "It does not look like it is more than a DoS," said Michael Sutton, a lab director at iDefense. "An attacker won't be able to take over your PC, but could knock it offline."

Security monitoring company Secunia rates the vulnerability "moderately critical", it said in an advisory issued on Thursday.

Microsoft said it is not aware of attacks that try to use the new vulnerability.

Reports of the new Windows flaw come in the same week that Microsoft patched two "critical" Windows vulnerabilities. Both those Windows flaws are actively being exploited by attackers, the Redmond, Washington, software giant said on Tuesday.
