no problem Mark, I don't have 3389 open at the Firewall but this is good to know if anyone has a Web server exposed to the public domain and uses TS to gain access to it. -----Original Message----- From: Mark Strangways [mailto:strangconst@xxxxxxxx] Sent: Wednesday, July 25, 2001 10:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: FW: Microsoft Security Bulletin MS01-040 http://www.ISAserver.org Thanks David... I use TS all the time. I'll install the patch ASAP. Regards, Mark ----- Original Message ----- From: "David Dellanno" <david@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, July 25, 2001 10:06 PM Subject: [isalist] FW: Microsoft Security Bulletin MS01-040 > http://www.ISAserver.org > > > > > -----Original Message----- > From: Microsoft Product Security [mailto:secnotif@xxxxxxxxxxxxx] > Sent: Wednesday, July 25, 2001 9:08 PM > To: MICROSOFT_SECURITY@xxxxxxxxxxxxxxxxxxxxxx > Subject: Microsoft Security Bulletin MS01-040 > > > The following is a Security Bulletin from the Microsoft Product Security > Notification Service. > > Please do not reply to this message, as it was sent from an unattended > mailbox. > ******************************** > > -----BEGIN PGP SIGNED MESSAGE----- > > - ---------------------------------------------------------------------- > Title: Invalid RDP Data Can Cause Memory Leak in Terminal > Services > Date: 25 July 2001 > Software: Windows 2000 Server and Windows NT 4.0, Terminal Server > Edition > Impact: Denial of Service > Bulletin: MS01-040 > > Microsoft encourages customers to review the Security Bulletin at: > http://www.microsoft.com/technet/security/bulletin/MS01-040.asp. > - ---------------------------------------------------------------------- > > Issue: > ====== > The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server > Edition contains a memory leak in one of the functions that processes > incoming Remote Data Protocol data via port 3389. Each time an RDP > packet containing a specific type of malformation is processed, the > memory leak depletes overall server memory by a small amount. > > If an attacker sent a sufficiently large quantity of such data to an > affected machine, he could deplete the machine's memory to the point > where response time would be slowed or the machine's ability to > respond > would be stopped altogether. All system services would be affected, > including but not limited to terminal services. Normal operation > could > be restored by rebooting the machine. > > Mitigating Factors: > ==================== > - Normal firewalling could be used to prevent an attacker from > exploiting > this vulnerability from the Internet. Specifically, blocking port > 3389 > would prevent an attacker from delivering data to the affected > service, > thereby preventing him from exploiting the vulnerability. > > - There is no capability to compromise data or usurp privileges via > the > vulnerability. > > Patch Availability: > =================== > - A patch is available to fix this vulnerability. Please read the > Security Bulletin > http://www.microsoft.com/technet/security/bulletin/ms01-040.asp > for information on obtaining this patch. > > Acknowledgment: > =============== > - Peter Grundl > > - --------------------------------------------------------------------- > > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED > "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL > WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF > MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT > SHALL > MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES > WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, > LOSS > OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION > OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH > DAMAGES. > SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR > CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY > NOT > APPLY. > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Personal Privacy 6.5.3 > > iQEVAwUBO19tdI0ZSRQxA/UrAQGNJwf+MJnDs9PaXT1OfGsVYI7FP+G0jgGzX8UX > h7WPalpJyPv+bA0f4Gh7bARLZOz7xmGTLnE+jLfEqWmM9sRSGPkJNp6zoSVW5UjT > tS2IGpH8o5RXO2wZbbaEW+Er5Lct5HMB2UvUzjkBB0H8+ErcLVuIxX9j1T7mcW8E > FG8PS982cfkTwFDsTFlA0CW1TKx/ASo2kBSecK5OeoYldA98WGB2Yg9ftOOdc6gO > 7QaXKLFzYsdD/WKsoKdvXdCZepelLTiwMNHaRgRmXgs6lzMLDfRC++i25sU1JwBX > xtj2GAQxLZZEIip4OzgtRltg/wjGpfC6eaGVoqxwmGNlETg1Q6pbzg== > =X91Y > -----END PGP SIGNATURE----- > > ******************************************************************* > You have received this e-mail bulletin as a result of your registration > to the Microsoft Product Security Notification Service. You may > unsubscribe from this e-mail notification service at any time by sending > an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@xxxxxxxxxxxxxxxxxxxxxx > The subject line and message body are not used in processing the request, > and can be anything you like. > > To verify the digital signature on this bulletin, please download our PGP > key at http://www.microsoft.com/technet/security/notify.asp. > > For more information on the Microsoft Security Notification Service > please visit http://www.microsoft.com/technet/security/notify.asp. For > security-related information about Microsoft products, please visit the > Microsoft Security Advisor web site at http://www.microsoft.com/security. > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: strangconst@xxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: david@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')