Security Basics mailing list archives

Re: Windows Remote Desktop - any known vulnerabilities?


From: Mitch Brandt <systems () tanelorn info>
Date: Thu, 2 Dec 2010 15:11:37 -0600

Sorry if this is a repeat but I got a bounce message from when I sent
it previously.  Since this topic is still breathing I thought I would
try again.

There are 2 big issues:

1)  RDP is not encrypted;
2)  You opened a port in your firewall for a well-known service.  You
can change which port RDP listens on or have your router redirect one
port to another as it forwards.

I know some people use RDP only with a VPN, which eliminates the above issues.

Mitch

On Tue, Nov 30, 2010 at 12:24 PM, Matthew Hulse
<matthew.hulse () sbcglobal net> wrote:

I've seen a couple of articles talking about this error message occurring
when someone connects through RDP and then disconnects without successfully
authenticating.

I would venture to guess that someone did establish a connection to your
computer, but more than likely didn't get any further than that. If the
person attempting to gain access doesn't have a valid username/password,
then there's probably no compromise. You can check the security event log at
those time periods and see if there were any successful logons, but I think
that logging option is turned off by default. If so, there won't be any
trace there.

I personally don't know of any vulnerabilities in Remote Desktop that are
being exploited (not saying that there aren't any).

M@

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Chuck Mayers
Sent: Saturday, November 27, 2010 8:21 PM
To: security-basics () securityfocus com
Subject: Windows Remote Desktop - any known vulnerabilities?

About 6 months ago, I wanted to connect to my home computer (which runs
Windows 7) from work, so I enabled Remote Desktop, with the option "Allow
connections from computers running any version of Remote Desktop (less
secure)". It was a one-time thing, and I've never used it since. I left
these options on.

Today I noticed an event in the event log:

The RDP protocol component X.224 detected an error in the protocol stream
and has disconnected the client.

This same error also appears one other time, 2 months ago.

I've googled the message, it sounds like it could simply be an error you'd
get if a remote user closed his session... except that there shouldn't be
any remote users! At the time of the event, I'm not even sure if I was using
the computer, but I know that I have not used RDP for 6 months and no one
else should be connecting.

Are there any known Remote Desktop vulnerabilities (for a PC acting as the
server) that I should be worried about?

Is there any other way this event would be in the event log, besides the
obvious - someone had connected to my PC?

I looked in the event log for anything obviously strange around the times of
these events, and I don't see anything. The PC seems fine and I don't have
any reason to think it was compromised except for this strange event
message.

I'm wondering if there is anything else I can check for, to figure out what
this cryptic message means.

Thanks

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
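
The check suggested in the quoted reply (look in the security event log around the times of the X.224 error for logons), as an added PowerShell example that is not part of the original thread. The event IDs (TermDD 50 in the System log, Security 4624/4625), logon type 10, the 10-minute window and the one-year look-back are assumptions that do not appear in the messages.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the RDP host.
$WindowMinutes = 10                     # assumed search window around each disconnect
$since = (Get-Date).AddDays(-365)       # assumed look-back period

# The X.224 "error in the protocol stream" message is System-log event 50 from TermDD.
# Event ID 50 is shared with other sources, so filter on the provider afterwards.
$disconnects = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 50; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq 'TermDD' })

$report = foreach ($d in $disconnects) {
    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4625          # 4624 = logon succeeded, 4625 = logon failed
        StartTime = $d.TimeCreated.AddMinutes(-$WindowMinutes)
        EndTime   = $d.TimeCreated.AddMinutes($WindowMinutes)
    }
    foreach ($e in @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # The named fields live in the event XML; index them by name.
        $data = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        if ($data['LogonType'] -ne '10') { continue }   # 10 = RemoteInteractive (RDP)

        $result = 'FAILED'
        if ($e.Id -eq 4624) { $result = 'SUCCESS' }
        New-Object PSObject -Property @{
            Disconnect = $d.TimeCreated
            LogonTime  = $e.TimeCreated
            Result     = $result
            Account    = $data['TargetUserName']
            SourceIP   = $data['IpAddress']
        }
    }
}

'{0} X.224 disconnect event(s) found' -f $disconnects.Count
if ($report) {
    $report | Sort-Object LogonTime |
        Format-Table Disconnect, LogonTime, Result, Account, SourceIP -AutoSize
} else {
    # An empty result means either no RDP logon attempt was recorded or auditing is off.
    'No RDP logon events near those times. Current logon audit setting:'
    auditpol /get /subcategory:"Logon"
}
```

A SUCCESS row next to a disconnect time is the case that needs follow-up; an empty table is only reassuring if the audit setting printed at the end shows logon auditing was enabled.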




