Microsoft Windows Remote Desktop Protocol Two Vulnerabilities

ID: IRCAD2012031780
Release Date: 2012-03-13
Criticality level: Highly critical
 
Software:
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
 
Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) An error within Remote Desktop Services when handling certain objects can be exploited to access an uninitialised or deleted object via specially crafted RDP packets.
Successful exploitation of this vulnerability allows execution of arbitrary code.
2) An error within the Terminal Server when processing certain RDP packets can be exploited to cause the service to stop responding.
Successful exploitation of the vulnerabilities requires that Remote Desktop is enabled (disabled by default).
 
Solution:
Apply patches.
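
To check a single host against the two conditions this advisory names (Remote Desktop enabled, updates applied), the following PowerShell sketch can be run locally. It is an added example, not part of the original advisory; the function names are hypothetical, and it queries only KB2621440 and KB2667402 because KB2671387 is the bulletin's own article number rather than an installable package.

```powershell
# Added example: local exposure check for the MS12-020 advisory.
# Written for PowerShell 2.0 so it also runs on Windows 7 / Server 2008.
$UpdateIds = 'KB2621440', 'KB2667402'   # update IDs taken from the advisory

function Test-RdpEnabled {
    # fDenyTSConnections = 1 means Remote Desktop connections are refused.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $val = (Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction Stop).fDenyTSConnections
    return ($val -eq 0)
}

function Get-AdvisoryUpdateState {
    param([string[]]$Ids)
    foreach ($id in $Ids) {
        # Get-HotFix raises a non-terminating error for an unknown ID;
        # suppress it and treat the result as "not found".
        $hit = Get-HotFix -Id $id -ErrorAction SilentlyContinue | Select-Object -First 1
        $installedOn = $null
        if ($hit) { $installedOn = $hit.InstalledOn }
        New-Object PSObject -Property @{
            Id          = $id
            Installed   = [bool]$hit
            InstalledOn = $installedOn
        }
    }
}

$rdpEnabled = Test-RdpEnabled
$updates    = @(Get-AdvisoryUpdateState -Ids $UpdateIds)
$anyFound   = @($updates | Where-Object { $_.Installed }).Count -gt 0

"Remote Desktop enabled: $rdpEnabled"
$updates | Format-Table Id, Installed, InstalledOn -AutoSize

if ($rdpEnabled -and -not $anyFound) {
    # Not proof of exposure: a later superseding update carries a different
    # KB number and will not be listed under these IDs.
    Write-Warning 'Remote Desktop is enabled and none of the listed updates were found; verify the patch level.'
}
```

Which of the two packages applies depends on the Windows version, so one entry showing as not installed is expected on some systems.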
 
Remote Code Execution
 
References:
MS12-020 (KB2671387, KB2621440, KB2667402):
 
Secunia: