Home > Privacy, Security > Windows RDP Exploit Discovered Windows RDP Exploit Discovered Submitted by GeekGod 2005-07-16 Privacy, Security 21 Comments A denial of service vulnerability reportedly affects the Windows Remote Desktop Protocol. Either disable RDP or make sure you have a firewall enabled for port 3389 until a fix is available. About The Author David Adams Follow me on Twitter @david_adams 21 Comments 2005-07-16 11:04 pm How to change the listening port for Remote Desktop http://support.microsoft.com/kb/306759/ (requires restart) How to configure the Remote Desktop client to connect to a specific port when you use Windows XP http://support.microsoft.com/kb/304304/ Don’t forget to update the firewall too 2005-07-16 11:14 pm the_trapper Not bad advice if you must use RDP until the fix is available, however, ideally one should disable RDP until a fix is available like the article says. There are plenty of secure alternatives available, my favorite being VNC: http://www.realvnc.com/ or its popular derivative TightVNC: http://www.tightvnc.com/ Some would argue that VNC is actually superior to RDP. It is definitely alot more cross-platform. 2005-07-17 1:32 am TBPrince How to change the listening port for Remote Desktop Aw… bad service to have a bug to. A bit disappointing… though I knew that could happen sometime. Thank you for your links as they’re very helpful. I think it would be good to change default port for RDP service when in cases like mine where I cannot disable it nor that’s inside an internal corporate network. Thanks again. 2005-07-16 11:17 pm vnc is a totally insecure protocol unless it is wrapped in something like an ssh forward or vpn tunnel. 2005-07-16 11:26 pm Beryllium VNC is slow as molasses. RDP – and the Unix RDesktop client, for connecting to RDP-enabled machines – is speedy enough for me to use as a primary connection. RDP is one of the few things MS has done right, IMO, even when you take into account the DoS flaw. 2005-07-17 6:34 am > RDP is one of the few things MS has done right Perhaps just because MS didn’t actualy wrote it RDP protocol is made from Citrix protocol. 2005-07-17 1:01 pm Wrong. Citrix use and developed an entirely different protocol (ICA?) RDP is based on a Netmeeting feature that was based on a standard protocol. 2005-07-16 11:45 pm Zenja Tsk tsk, silly microsoft, satisfying the demands of coorporate customers, hence the ports are ON by default. 2005-07-17 4:43 am n4cer It isn’t on by default. It must be enabled. 2005-07-17 2:11 pm Lettherebemorelight Sounds more like satisfying the demands or virus/worm writers and script kiddies to me. 2005-07-17 7:40 pm they are not on by default. but hey, way to understand the article before bashing someone. 2005-07-17 5:24 am vnc is a totally insecure protocol unless it is wrapped in something like an ssh forward or vpn tunnel. http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Fo… 2005-07-17 5:39 am zombie process “If an attack were successful, receipt of such a malformed Remote Desktop request could cause the vulnerable system to fail in such a way that it could cause a denial of service. Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system.” Okay – so, someone could potentially run DoS against your box. Solutions? TURN YOU BOX OFF!!!!!!! This is perhaps the dumbest thing I have ever heard. Would you buy this? : Warning: Criminals might use the key slot on your car to break into and steal your car – our recommendation for the meantime is to fill your key slots with epoxy, AND TO FILL YOUR GAS TANKS WITH SAND! This is asinine security. Someone might do something to your favorite toy, so you had better break it yourself? WTF? Is this a 1940s playground or a network we’re discussing? 2005-07-17 5:47 am zombie process “vnc is a totally insecure protocol unless it is wrapped in something like an ssh forward or vpn tunnel. http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Fo… WOW! Was that article written by a 13 year old? I really don’t mean to be an asshole, but that’s the type of article that a HS kid would write. BEWARE: PASSWORDS CAN BE CRACKED!!!!!!!!!!!! No Sh!t? I’d better hide under my bed! Listen – any service you run can be cracked. Any “pasworded” service you run can be cracked more easily – SSH is no different. If this is outside your realm of understanding, you should not be running a publicly accessible service. period. 2005-07-17 8:10 am “A denial of service vulnerability reportedly affects the Windows Remote Desktop Protocol. Either disable RDP or make sure you have a firewall enabled for port 3389 until a fix is available.” Or switch to Linux and never look back, and laugh, oh how I laughed. 2005-07-17 9:37 pm Fuck the proprietary and incredibly insecure Microseft system! 2005-07-18 1:58 am Although this thread is crap already I’ll just point out a few things. UltraVNC offers encryption built-in. It also has a Video Driver addon that makes it perform just as fast as RDP over slow connections. For Lan use even without the Video Driver VNC performs just as well as RDP. UltraVNC also has Chat AND file transfer and has a lot of neat features. And finally it offers something which trumps RDP in every possible way, True/real/actual desktop session access. You get your real desktop, not some terminal server profile. I’m not suggesting you go rip out your Terminal Servers, I use it all the time to do admin work, but if your looking for something a bit more advanced remote deskto wise, UltraVNC fits the bill nicely. 2005-07-18 2:47 am abdavidson “Although this thread is crap already I’ll just point out a few things. UltraVNC offers encryption built-in. It also has a Video Driver addon that makes it perform just as fast as RDP over slow connections. For Lan use even without the Video Driver VNC performs just as well as RDP.” Wrong. Absolutely totally wrong. VNC is nowhere near as fast or transparent as RDP on LAN or remote use. It’s slower in all it’s variants and implementations. 2005-07-18 2:48 am abdavidson “You get your real desktop, not some terminal server profile.” Never heard of /console then. Absolutely clueless. 2005-07-18 6:18 am Beryllium “You get your real desktop, not some terminal server profile.” I use Remote Desktop on Windows XP Pro. I can assure you that you get your ‘real’ desktop. I start up all my apps in the morning, then head to work. If for some reason I need to access my home machine from work, I just rdesktop in and all my applications are there for me to use, just like if I were at home. Now, one benefit that Windows XP’s RDP has over most (all?) VNC incarnations is that when you’re remote controlling your desktop, people sitting at the physical machine can’t see what you’re doing – the screen is locked. If they successfully log in, it disconnects your session – likewise, if you successfully log in, it disconnects their session. If you share a PC with your roommate, it can lead to lots of fun. 😉 2005-07-19 4:35 am it’s better and more secure than vnc and rdp, and almost as fast as rdp, or faster on modem connections.