On CBS MoneyWatch: 5 Things You Should Buy at Walmart
BNET Business Network:
BNET
TechRepublic
ZDNet
42 TalkBacks

By Joris Evers
Posted on ZDNet News: Jul 15, 2005 9:23:00 PM

A newly discovered and as-of-yet unpatched security vulnerability in Windows XP could let an attacker remotely crash computers.

The flaw affects the Windows Remote Desktop Service, which lets users access their Windows PC from a remote location. An attacker could remotely exploit the problem to crash a victim's PC in what's known as a denial-of-service attack, according to a posting on the Security Protocols Web site earlier this week. The user would then see the Windows "blue screen of death."

Microsoft knows of the security flaw and is working on a patch, a company representative said on Friday.

"The issue was originally privately reported to Microsoft and we are working on an update that will be released when it is of the appropriate quality," the representative said. "The concern is that this has now gone public, potentially putting customers at risk."

According to the Security Protocols Web site, Microsoft was informed of the problem on May 4 and plans to release a patch as part of its August update cycle. Fully patched Windows XP machines--including those with the Service Pack 2 update and the firewall enabled--are vulnerable, according to Security Protocols.

In its initial review of the bug, Microsoft found that an attacker would not be able to run code on the victim's PC, but the attacker could cause the computer to stop responding, the representative said. Also, only computers that have the Remote Desktop Service enabled are vulnerable, she said. Windows ships with the service disabled, according to Microsoft.

Security researchers at iDefense are also looking into the vulnerability. "It does not look like it is more than a DoS," said Michael Sutton, a lab director at iDefense. "An attacker won't be able to take over your PC, but could knock it offline."

Security monitoring company Secunia rates the vulnerability "moderately critical," it said in an advisory issued on Thursday.

Microsoft said it is not aware of attacks that try to use the new vulnerability.

Reports of the new Windows flaw come in the same week that Microsoft patched two "critical" Windows vulnerabilities. Both those Windows flaws are actively being exploited by attackers, the Redmond, Wash., software giant said on Tuesday.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 42 Talkback(s)
Clarifications for Mr. Ferrara.
`` It is obvious to me that your stance that MS is an immoral company clearly guides your analysis of their products. While MS products are flawed (as are all complex software products), they still ge... (Read the rest)
Posted by: michael_t Posted on: 07/19/05 You are currently: a Guest | | Terms of Use
Season time for Attacks  Andromedat6 | 07/15/05
Remote Desktop Service  Grayson Peddie | 07/15/05
Thanks! And? (nt)  michael_t | 07/15/05
is only availavle in Professional Edition of Windows XP???  bka1959 | 07/16/05
I agree  rick752 | 07/16/05
Never use that service  Boot_Agnostic | 07/15/05
Right. The problem is when OTHERS use it on your desktop.  michael_t | 07/15/05
Those are some presumptuous comments there kiddo  Boot_Agnostic | 07/17/05
Your replies are really full of water (and gasses wink  michael_t | 07/18/05
You took much offensive for someone who 'attacked' first  Boot_Agnostic | 07/18/05
Fair and Balanced (NOT the Fox style)  michael_t | 07/18/05
Well maybe there is a lesson for the two of us  Boot_Agnostic | 07/18/05
re: Well maybe there is a lesson for the two of us  michael_t | 07/18/05
Windows Flaws menu item  Otto_Delete | 07/15/05
How would they know?  Yagotta B. Kidding | 07/15/05
A flaw in Windows ????  realitycheck101 | 07/15/05
now hold on a sec pal  Jeff Spicoli | 07/15/05
Score +5 (Funny)  Sabz5150 | 07/15/05
His or others?  Boot_Agnostic | 07/15/05
I was just enlightened!!!!  Jeff the god of biscuits | 07/15/05
Wow, you kiss your forum MOM with that mouth  Boot_Agnostic | 07/15/05
Re: A flaw in Windows ????  node357 | 07/15/05
a complete moron?  Tommy Gun | 07/16/05
Early Warnings  Yensi717 | 07/15/05
MS Windows  michael_t | 07/15/05
Funny  vferrara | 07/16/05
I think you are replying to someone else's OP. Save your witts  michael_t | 07/16/05
Are you sure?  vferrara | 07/17/05
I was impressed this time by the witts and the flakes.  michael_t | 07/18/05
Funny guy  vferrara | 07/18/05
Yes I agree with you I am a fine funny guy...  michael_t | 07/18/05
Clarification for Dr. T  vferrara | 07/19/05
But how did they manage to create a  michael_t | 07/15/05
Hey Michael_t  welderman38 | 07/16/05
These are really very beautiful thoughts  michael_t | 07/16/05
DoS Attacks and Virus passing - Done by LOSERS  welderman38 | 07/16/05
Yet another flaw? I thought these were trickling to a drip...  HypnoToad | 07/16/05
Windows Firewall  rick752 | 07/16/05
misunderstanding....  JoeMama_z | 07/18/05
Is that true?  rick752 | 07/18/05
Lets sue M$  IT_Critic | 07/18/05
Clarifications for Mr. Ferrara.  michael_t | 07/19/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here