Remotely Exploitable DoS Flaw in XP and 2003

["Nick Lowe" <15320 () oakham rutland sch uk>]

From anywhere with in either Windows XP and Windows 2003 - at the logon screen if you want - holding down WinKey + U 
will, with time, slow the machine down to a craw eventually causing the machine to lock.
 
If remote desktop is enabled - at the login screen, the aforementioned key sequence can be held down, locking a machine 
remotely.
 
Mitigating Factors:
 
Windows XP SP2 does not seem to be vulnerable to this flaw.
The DoS flaw affects slower machines and those with less ram quicker than higher specification machines. On very 
hi-spec machines, the flaw does not seem to be exploitable.
 
Cause:
 
The key sequence causes the Windows utility manager to be continuously be loaded and executed. Even though the program 
terminates if another instance is detected, copies can be loaded quicker than the close - eating all memory on the 
machine - eventually causing it to not respond to user input.


This E-Mail and any files transmitted with it are confidential, may be legally privileged and are intended solely for 
the use of the addressee. If you have received this E-Mail in error you are requested to contact the sender 
immediately, and not disclose or make use of this information. Although Oakham School operates an active anti virus 
policy, the organisation accepts no liability for any damage caused by any virus transmitted by this E-Mail, including 
any attachments.  The views contained in this E-Mail are those of the author and not necessarily those of Oakham School.