FW: Microsoft Security Bulletin MS01-040

• From: David Dellanno <david@xxxxxxxxxx>
• To: "ISAList (E-mail)" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 25 Jul 2001 22:06:06 -0400

-----Original Message-----
From: Microsoft Product Security [mailto:secnotif@xxxxxxxxxxxxx]
Sent: Wednesday, July 25, 2001 9:08 PM
To: MICROSOFT_SECURITY@xxxxxxxxxxxxxxxxxxxxxx
Subject: Microsoft Security Bulletin MS01-040


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Invalid RDP Data Can Cause Memory Leak in Terminal
            Services
Date:       25 July 2001
Software:   Windows 2000 Server and Windows NT 4.0, Terminal Server 
            Edition
Impact:     Denial of Service
Bulletin:   MS01-040

Microsoft encourages customers to review the Security Bulletin at: 
http://www.microsoft.com/technet/security/bulletin/MS01-040.asp.
- ----------------------------------------------------------------------

Issue:
======
The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server 
Edition contains a memory leak in one of the functions that processes
incoming Remote Data Protocol data via port 3389. Each time an RDP 
packet containing a specific type of malformation is processed, the 
memory leak depletes overall server memory by a small amount.

If an attacker sent a sufficiently large quantity of such data to an 
affected machine, he could deplete the machine's memory to the point 
where response time would be slowed or the machine's ability to
respond 
would be stopped altogether. All system services would be affected, 
including but not limited to terminal services. Normal operation
could 
be restored by rebooting the machine. 

Mitigating Factors:
====================
 - Normal firewalling could be used to prevent an attacker from
exploiting
   this vulnerability from the Internet. Specifically, blocking port
3389 
   would prevent an attacker from delivering data to the affected
service, 
   thereby preventing him from exploiting the vulnerability.
 
 - There is no capability to compromise data or usurp privileges via
the 
   vulnerability. 

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin
   http://www.microsoft.com/technet/security/bulletin/ms01-040.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Peter Grundl

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED 
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL 
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF 
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL 
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS 
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. 
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT 
APPLY.



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO19tdI0ZSRQxA/UrAQGNJwf+MJnDs9PaXT1OfGsVYI7FP+G0jgGzX8UX
h7WPalpJyPv+bA0f4Gh7bARLZOz7xmGTLnE+jLfEqWmM9sRSGPkJNp6zoSVW5UjT
tS2IGpH8o5RXO2wZbbaEW+Er5Lct5HMB2UvUzjkBB0H8+ErcLVuIxX9j1T7mcW8E
FG8PS982cfkTwFDsTFlA0CW1TKx/ASo2kBSecK5OeoYldA98WGB2Yg9ftOOdc6gO
7QaXKLFzYsdD/WKsoKdvXdCZepelLTiwMNHaRgRmXgs6lzMLDfRC++i25sU1JwBX
xtj2GAQxLZZEIip4OzgtRltg/wjGpfC6eaGVoqxwmGNlETg1Q6pbzg==
=X91Y
-----END PGP SIGNATURE-----

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For  more  information on  the  Microsoft  Security Notification  Service
please  visit  http://www.microsoft.com/technet/security/notify.asp.  For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Other related posts:

• » FW: Microsoft Security Bulletin MS01-040
• » Re: FW: Microsoft Security Bulletin MS01-040
• » Re: FW: Microsoft Security Bulletin MS01-040

1. Home
2. isalist
3. Archive
4. 07-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---