Microsoft

Microsoft Windows RDP 'rdpwd.sys' Remote Kernel DoS

posted on August 10, 2005
by hitbsecnews

A denial of service vulnerability exists within the Remote Desktop Services that allows an attacker to send a specially crafted RDP packet to crash the remote vulnerable system. This flaw exists specifically within the rdpwd.sys driver file, which is used by the Remote Desktop Services. It appears that the problem exists because RDP does not release the memory it is using. The kernel can only use a certain amount of physical memory, so when RDP goes over its memory limit, it causes the crash.

Release Date:
August 9, 2005

Date Reported:
May 4, 2005

Microsoft trying to fix security hole

posted on August 10, 2005
by hitbsecnews

Microsoft Corp. is attempting to plug a glaring hole in some versions of its Windows software, a weakness similar to those exploited by the devastating "Blaster" and "Sasser" attacks, a security expert said Tuesday.

The patch, included in the company's monthly security bulletin, fixes a hole that could allow hackers to take complete control of computer systems, Microsoft said.

Microsoft's "monkeys" find first zero-day exploit

posted on August 9, 2005
by hitbsecnews

Microsoft's experimental Honeymonkey project has found almost 750 Web pages that attempt to load malicious code onto visitors' computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month. Known more formally as the Strider Honeymonkey Exploit Detection System, the project uses automated Windows XP clients to surf questionable parts of the Web looking for sites that compromise the systems without any user interaction.

No Monad scripting in first Windows Vista

posted on August 8, 2005
by hitbsecnews

Just one day after the first public reports of viruses being written for an upcoming feature of Microsoft's Windows operating system, Microsoft has confirmed that it will not include the Monad Shell feature in the first generally available release of Microsoft Vista, expected in the second half of 2006.

Introduction to Windows Network Protection

posted on August 5, 2005
by hitbsecnews

When was the last time you used a computer that was not connected to a network? I am not talking about using your laptop on an airplane. That is a planned disconnection from the network, and we can copy necessary information to the machine before we disconnect.

Windows Vista targeted by virus writers

posted on August 4, 2005
by hitbsecnews

Virus writers have published what are thought to be the first examples of malicious code targeting Microsoft's Windows Vista operating system, around a week after the first beta of the next-generation operating system was released.

Five proof-of-concept viruses that target Monad, the next version of Microsoft's command prompt, were included in a recently published virus writing magazine, according to Mikko Hyppönen, the director of antivirus research at F-Secure.

Microsoft to host hacker meetings twice a year

posted on August 3, 2005
by hitbsecnews

Microsoft is working on plans to make a recent hacker meeting held on its Redmond, Washington, campus a twice-yearly event, according to a spokesperson for the vendor's security group. The company plans to host another Blue Hat security event in the fall, though no specific date for it has been set, Stephen Toulouse, a program manager in Microsoft's security unit, said on Monday.

eEye Flags Another IE Code Execution Flaw

posted on August 3, 2005
by hitbsecnews

Microsoft Corp. on Tuesday confirmed it was investigating a new "high risk" vulnerability in the widely used Internet Explorer Web browser. The software giant's acknowledgement follows the release of a brief advisory from Aliso Viejo, Calif.-based eEye Digital Security that the flaw could put millions of users at risk of code execution attacks.

"A vulnerability in default installations of the affected software allows malicious code to be executed," eEye said in a notice placed on its Upcoming Advisories Web page.

Running Windows with No Services

posted on July 30, 2005
by hitbsecnews

A Windows service provides functionality to the operating system and user accounts regardless of whether anyone is logged into a system. Windows XP comes with around four dozen services enabled by default, including ones that many people consider superfluous like Remote Registry, Alerter, and SSDP Discovery (Universal Plug and Play). A question many Windows administrators commonly have is therefore, which services can I safely disable? What if I told you that for at least basic functionality like Web surfing and application execution, Windows doesn’t need any services?