Cryptographic Flaw in RDP Protocol can Lead to



----------------------------------------------------------------------

Title: Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
Released: 18 September 2002
Software: Microsoft Windows 2000
          Microsoft Windows XP
Impact: Two vulnerabilities: information disclosure, denial of service
Max Risk: Moderate
Bulletin: MS02-051

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/...in/MS02-051.asp.

----------------------------------------------------------------------

Issue:
======

The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal session's keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations.

The first involves how session encryption is implemented in certain versions of RDP. All RDP implementations allow the data in an RDP session to be encrypted. However, in the versions in Windows 2000 and Windows XP, the checksums of the plaintext session data are sent without being encrypted themselves. An attacker who was able to eavesdrop on and record an RDP session could conduct a straightforward cryptanalytic attack against the checksums and recover the session traffic.

The second involves how the RDP implementation in Windows XP handles data packets that are malformed in a particular way. Upon receiving such packets, the Remote Desktop service would fail, and with it would fail the operating system. It would not be necessary for an attacker to authenticate to an affected system in order to deliver packets of this type to an affected system.

Mitigating Factors:
====================

Cryptographic Flaw in RDP Protocol:

- An attacker would need the ability to capture an RDP session in order to exploit this vulnerability. In most cases, this would require that the attacker have physical access to the network media.

- Because encryption keys are negotiated on a per-session basis, a successful attack would allow an attacker to decrypt only a single session and not multiple sessions. Thus, the attacker would need to conduct a separate cryptanalytic attack against each session he or she wished to compromise.

Denial of Service in Remote Desktop:

- Remote Desktop service in Windows XP is not enabled by default.

- Even if Remote Desktop service were enabled, a successful attack would require that the attacker be able to deliver packets to the Remote Desktop port on an affected system. Customers who block port 3389 at the firewall would be protected against attempts to exploit this vulnerability. (By default Internet Connection Firewall does block port 3389).

Maximum Risk Rating:
====================

- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
===================

- A patch is available to fix this vulnerability. Please read the Security Bulletin at
  http://www.microsoft.com/technet/security/...in/ms02-051.asp
  for information on obtaining this patch.

Source: Microsoft
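
Added example, not part of the bulletin and not RDP's actual cipher or checksum: a toy model of why a checksum computed over plaintext and sent in the clear leaks information even though the payload is encrypted, next to an encrypt-then-MAC layout that does not. The keystream construction, key sizes, 8-byte tags and one-message-per-keystroke sample are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

def keystream(key: bytes, seq: int, n: int) -> bytes:
    """Toy per-packet keystream (SHA-256 in counter mode); stands in for the session cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def encrypt(key: bytes, seq: int, data: bytes) -> bytes:
    """XOR with the per-packet keystream; applying it twice decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, seq, len(data))))

def weak_packet(enc_key, mac_key, seq, plaintext):
    """Flawed layout: the tag covers the PLAINTEXT and travels unencrypted."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:8]
    return tag, encrypt(enc_key, seq, plaintext)

def hardened_packet(enc_key, mac_key, seq, plaintext):
    """Encrypt-then-MAC: the tag covers only the sequence number and ciphertext."""
    ct = encrypt(enc_key, seq, plaintext)
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()[:8]
    return tag, ct

def repeated_tags(packets) -> int:
    """Leakage measure: number of packets whose cleartext tag matches another packet's."""
    counts = Counter(tag for tag, _ in packets)
    return sum(c for c in counts.values() if c > 1)

def demo():
    enc_key, mac_key = os.urandom(16), os.urandom(16)
    # Constructed sample: one short message per key press in a typed session.
    msgs = [b"KEY:" + bytes([c]) for c in b"password pass"]
    weak = [weak_packet(enc_key, mac_key, i, m) for i, m in enumerate(msgs)]
    hard = [hardened_packet(enc_key, mac_key, i, m) for i, m in enumerate(msgs)]
    # Ciphertexts differ per packet in both layouts; only the weak tags repeat.
    return repeated_tags(weak), repeated_tags(hard)

if __name__ == "__main__":
    print(demo())
```

In the weak layout every repeated keystroke produces the same cleartext tag, so equal plaintexts are visible without touching the cipher; binding the tag to the ciphertext and a sequence number removes that signal.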
