Re: FW: Microsoft Security Bulletin MS01-040
- From: David Dellanno <david@xxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 25 Jul 2001 22:50:39 -0400
no problem Mark, I don't have 3389 open at the Firewall but this is good to
know if anyone has a Web server exposed to the public domain and uses TS to
gain access to it.
-----Original Message-----
From: Mark Strangways [mailto:strangconst@xxxxxxxx]
Sent: Wednesday, July 25, 2001 10:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FW: Microsoft Security Bulletin MS01-040
http://www.ISAserver.org
Thanks David... I use TS all the time. I'll install the patch ASAP.
Regards,
Mark
----- Original Message -----
From: "David Dellanno" <david@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, July 25, 2001 10:06 PM
Subject: [isalist] FW: Microsoft Security Bulletin MS01-040
> http://www.ISAserver.org
>
>
>
>
> -----Original Message-----
> From: Microsoft Product Security [mailto:secnotif@xxxxxxxxxxxxx]
> Sent: Wednesday, July 25, 2001 9:08 PM
> To: MICROSOFT_SECURITY@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Microsoft Security Bulletin MS01-040
>
>
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ----------------------------------------------------------------------
> Title: Invalid RDP Data Can Cause Memory Leak in Terminal
> Services
> Date: 25 July 2001
> Software: Windows 2000 Server and Windows NT 4.0, Terminal Server
> Edition
> Impact: Denial of Service
> Bulletin: MS01-040
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS01-040.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server
> Edition contains a memory leak in one of the functions that processes
> incoming Remote Data Protocol data via port 3389. Each time an RDP
> packet containing a specific type of malformation is processed, the
> memory leak depletes overall server memory by a small amount.
>
> If an attacker sent a sufficiently large quantity of such data to an
> affected machine, he could deplete the machine's memory to the point
> where response time would be slowed or the machine's ability to
> respond
> would be stopped altogether. All system services would be affected,
> including but not limited to terminal services. Normal operation
> could
> be restored by rebooting the machine.
>
> Mitigating Factors:
> ====================
> - Normal firewalling could be used to prevent an attacker from
> exploiting
> this vulnerability from the Internet. Specifically, blocking port
> 3389
> would prevent an attacker from delivering data to the affected
> service,
> thereby preventing him from exploiting the vulnerability.
>
> - There is no capability to compromise data or usurp privileges via
> the
> vulnerability.
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms01-040.asp
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - Peter Grundl
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
> "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
> MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
> SHALL
> MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
> LOSS
> OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
> OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
> DAMAGES.
> SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
> CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
> NOT
> APPLY.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.3
>
> iQEVAwUBO19tdI0ZSRQxA/UrAQGNJwf+MJnDs9PaXT1OfGsVYI7FP+G0jgGzX8UX
> h7WPalpJyPv+bA0f4Gh7bARLZOz7xmGTLnE+jLfEqWmM9sRSGPkJNp6zoSVW5UjT
> tS2IGpH8o5RXO2wZbbaEW+Er5Lct5HMB2UvUzjkBB0H8+ErcLVuIxX9j1T7mcW8E
> FG8PS982cfkTwFDsTFlA0CW1TKx/ASo2kBSecK5OeoYldA98WGB2Yg9ftOOdc6gO
> 7QaXKLFzYsdD/WKsoKdvXdCZepelLTiwMNHaRgRmXgs6lzMLDfRC++i25sU1JwBX
> xtj2GAQxLZZEIip4OzgtRltg/wjGpfC6eaGVoqxwmGNlETg1Q6pbzg==
> =X91Y
> -----END PGP SIGNATURE-----
>
> *******************************************************************
> You have received this e-mail bulletin as a result of your registration
> to the Microsoft Product Security Notification Service. You may
> unsubscribe from this e-mail notification service at any time by sending
> an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx
> The subject line and message body are not used in processing the request,
> and can be anything you like.
>
> To verify the digital signature on this bulletin, please download our PGP
> key at http://www.microsoft.com/technet/security/notify.asp.
>
> For more information on the Microsoft Security Notification Service
> please visit http://www.microsoft.com/technet/security/notify.asp. For
> security-related information about Microsoft products, please visit the
> Microsoft Security Advisor web site at http://www.microsoft.com/security.
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
strangconst@xxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
