Microsoft Windows Terminal Services vulnerabilities

[Ben Cohen <bc () skygate co uk>]

I have just installed Windows XP Pro SP1 and found that the two
vulnerabilities announced earlier in the week have been addressed.  


"Microsoft Windows XP Remote Desktop denial of service" is fixed.

"Microsoft Windows Remote Desktop Protocol checksum and keystroke" is
partially fixed:  Microsoft have altered the protocol to revert to the RDP
4.0 style input packet.  This is a hack rather than a good solution
because it doesn't fix the checksum leakage problem, and it increases
bandwidth again.  Unfortunately, the proper solution would require the 
encryption layer of the protocol to be redesigned.


Ben Cohen
Software Developer
Skygate Technology Ltd.