-----BEGIN PGP SIGNED MESSAGE-----
Title:    Cryptographic Flaw in RDP Protocol can Lead to
          Information Disclosure (Q324380)
Released: 18 September 2002
Software: Microsoft Windows 2000
          Microsoft Windows XP
Impact:   Two vulnerabilities: information disclosure, denial of
          service
Max Risk: Moderate
Bulletin: MS02-051
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-051.asp.
The Remote Data Protocol (RDP) provides the means by which Windows
systems can provide remote terminal sessions to clients. The protocol
transmits information regarding a terminal session's keyboard, mouse
and video to the remote client, and is used by Terminal Services in
Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP.
Two security vulnerabilities, both of which are eliminated by this
patch, have been discovered in various RDP implementations.
The first involves how session encryption is implemented in certain
versions of RDP. All RDP implementations allow the data in an RDP
session to be encrypted. However, in the versions in Windows 2000 and
Windows XP, the checksums of the plaintext session data are sent
without being encrypted themselves. An attacker who was able to
eavesdrop on and record an RDP session could conduct a
straightforward cryptanalytic attack against the checksums and
recover the session traffic.
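The weakness described above can be seen in a small model. This is an added example, not code from Microsoft or from any RDP implementation. The toy keystream cipher, the truncated SHA-256 checksum, the packet layout and the sample events are all assumptions, since the bulletin does not name the algorithms. It compares a plaintext checksum sent in the clear with an encrypt-then-MAC layout, which is a standard construction and not necessarily what the patch does.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the session cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def weak_packet(key: bytes, seq: int, plaintext: bytes):
    """Flawed layout: an unkeyed checksum of the plaintext is sent in the clear."""
    checksum = hashlib.sha256(plaintext).digest()[:8]
    return checksum, keystream_xor(key, seq.to_bytes(8, "big"), plaintext)

def hardened_packet(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes):
    """Encrypt-then-MAC: keyed tag over the sequence number and the ciphertext."""
    nonce = seq.to_bytes(8, "big")
    ct = keystream_xor(enc_key, nonce, plaintext)
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:8], ct

def open_hardened(enc_key, mac_key, seq, tag, ct) -> bytes:
    """Receiver side: check the tag in constant time before decrypting."""
    nonce = seq.to_bytes(8, "big")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return keystream_xor(enc_key, nonce, ct)

def repeated_tags(packets):
    """Indexes of packets whose cleartext tag repeats an earlier one (visible on the wire)."""
    seen, repeats = set(), []
    for i, (tag, _ct) in enumerate(packets):
        if tag in seen:
            repeats.append(i)
        seen.add(tag)
    return repeats

# Constructed sample input events; keys are fixed test values, not real secrets.
EVENTS = [b"key:a", b"key:b", b"key:a", b"key:a"]
ENC_KEY, MAC_KEY = b"E" * 16, b"M" * 16
WEAK = [weak_packet(ENC_KEY, i, e) for i, e in enumerate(EVENTS)]
HARD = [hardened_packet(ENC_KEY, MAC_KEY, i, e) for i, e in enumerate(EVENTS)]

if __name__ == "__main__":
    print("weak layout, repeated tags at:", repeated_tags(WEAK))
    print("hardened layout, repeated tags at:", repeated_tags(HARD))
```

In the weak layout the ciphertexts of identical events differ, yet their checksums repeat, so the checksum field alone tells an eavesdropper which packets carry the same plaintext.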
The second involves how the RDP implementation in Windows XP handles
data packets that are malformed in a particular way. Upon receiving
such packets, the Remote Desktop service would fail, and with it
would fail the operating system. It would not be necessary for an
attacker to authenticate to an affected system in order to deliver
packets of this type to an affected system.
Cryptographic Flaw in RDP Protocol:
Denial of Service in Remote Desktop:
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
-----END PGP SIGNATURE-----