Terminal Services at Risk for DoS Attack

Microsoft Corp. issued a fix Wednesday night to patch a Terminal Services bug that makes Windows servers vulnerable to a Denial-of-Service (DoS) attack.

The vulnerability affects systems running Windows NT 4.0 Terminal Server Edition as well as Windows 2000 Server and Windows 2000 Advanced Server, both of which incorporate integrated Terminal Services.

According to a bulletin that Microsoft sent to the subscribers of its security mailing list, the vulnerability can be exploited in a DoS attack by an attacker who sends a malformed packet to port 3389 on a server.

Microsoft’s Terminal Services implementation in both Windows NT 4.0 Terminal Server Edition and in Windows 2000 leverage a protocol, dubbed the Remote Data Protocol (RDP), which listens for requests on port 3389.

Each time a host system processes a malformed RDP packet, Microsoft says, system memory is depleted. It's possible that an attacker could send enough malformed RDP packets to exhaust the resources of a server and to cause it to stop responding to other (legitimate) requests.

The software giant cautions that an attacker does not have to successfully log into a Windows server in order to take it down. Instead, officials say, she has only to bombard port 3389 with malformed RDP packets.

Microsoft claims that IT organizations can safeguard against external attacks by blocking traffic intended for port 3389 on their firewalls or routers. To do so, however, would also restrict the ability of legitimate users outside of an organization to access terminal services.

The problem is serious, says Edward Ko, a network coordinator with the Pennsylvania State University, because the Terminal Services deployment options in Windows 2000 Server and Windows 2000 Advanced Server are among the most popular features of the operating system.

"Even if you don't have an 'Application Server' license to support a lot of users on Terminal Services, you can deploy [Terminal Services] in 'Remote Administration' mode," he explains, noting that IT managers commonly enable "Remote Administration" mode on Windows 2000 servers in order to let them manage these systems remotely.

"There are still a lot of things that you can't do in Windows 2000 with a command line," he says. "Because of this, integrated Terminal Services were a godsend."

The patch can be found here.

The vulnerability disclosure comes one day after Microsoft issued a fix for a memory leak vulnerability in its Services for Unix 2.0 that affected SFU's implementations of Telnet and the Network File System. Stephen Swoyer

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.