Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Terminal Server Connection Request Flooding Vulnerability
Due to the way Windows TSE handles requests to open a new terminal connection a vulnerability exists that could pose a denial-of-service threat.
Issue
When a request to open a new terminal connection is received by a Terminal Server, the server undertakes a resource-intensive series of operations to prepare for the connection. It does this before authenticating the request. This would allow an attacker to mount a denial of service attack by levying a large number of bogus connection requests and consuming all memory on the Terminal Server.
This vulnerability could be exploited remotely if connection requests are not filtered. In extreme cases, the server could crash in the face of such an attack; in other cases, normal processing would return when the attack ceased.
Affected Products
- Microsoft Windows NT Server 4.0, Terminal Server Edition
Download
Patch: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40tse/hotfixes-postSP4/Flood-fix/
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: August 9, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
