güvenliğiniz emin ellerde
türkçe ingilizce almanca
Ürünler
Satın_Al
Destek
Bayi_Kanalı
Haberler
Hakkımızda

Haberler

Ana Sayfa
Basın Bildirileri
Güvenlik Önerileri
Ödüller
Etkinlikler
Basın Odası
Müşteri İlişkileri

Agnitum Güvenlik Önerileri

ASA-02-0507-3: RDP Güvenlik Açığı, Sistemlerin Yeniden Başlamasına Sebep Oluyor

Vulnerability summary:

Severity rating:         Important

Date Published:         July 16, 2005

Software Vendor:    Microsoft

Affected Software:  Remote Desktop Protocol (RDP)

Affected OS:             Windows XP (incl. x64 Edition), Windows Server 2003 (incl. x64 Edition), Windows 2000

Unaffected with:      

Vulnerability class:   Denial of Service

Status:                      Patch due

Vulnerability details:

Tech brief:

The vulnerability is caused due to an error in Remote Desktop Services. A specifically crafted request sent to the Remote Desktop Protocol could crash the host system.

 

Vendor reference information:

 

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/advisory/904797.mspx

 

General Mitigating Recommendations:

 

  • Disable Terminal Services or the Remote Desktop feature if they are not required.
  • Secure Remote Desktop Connections by using an IPsec policy.
  • Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection. 

How Outpost Firewall PRO protects you:

 

Outpost Firewall PRO protects your system against this vulnerability through the Global System and Rawsocket Rules feature: 

1) Make sure Outpost is not running in Disabled or Allow Most mode.

2) Go to Options > System and click Rules under Global System and Rawsocket rules.

3) Click Add to create the new global rule.

4) Select the Where the specified protocol is, Where the specified direction is, and Where the specified local port is events.

5) In the Rule description field, click on the Undefined keyword next to Where the protocol is and specify the TCP protocol.

6) In the Rule description field, click on the Undefined keyword next to Where the direction is and specify the Inbound connection direction.

7) In the Rule description field, click on the Undefined keyword next to Where the local port is and specify the port number 3389 or select RDP.

8) Finally, in the Select Actions with which the rule will respond field, select Block it, Make rule as High Priority and Ignore Component Control actions.

9) Name the rule appropriately (in the Rule name field) and click OK to save it.

10) You should now see the new rule in the list of global rules.

 

Disclaimer:

 

The information in the present advisory is believed to be accurate as of the time of publishing, based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on, this information.
Hemen Kaydolun!

En güncel ürün haberlerini, güvenlik ipuçlarını ve uyarıları anında e-posta kutunuzda bulmak için hemen kayıt olun. 

Şirket Bülteni
Agnitum Security Insight

E-posta adresinizi giriniz:
Kullanım Şartları   Arama   Site Haritası   Bize Ulaşın   Gizlilik Politikası   Müşteri İlişkileri   
Tüm hakları saklıdır © 2006, Agnitum Ltd.
Outpost PRO: firewall with antispyware