SecurityTracker: Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Remote Desktop

Vendors: Microsoft

Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System

SecurityTracker Alert ID: 1011940

SecurityTracker URL: http://securitytracker.com/id/1011940

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 26 2004

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): prior to SP2

Description: A vulnerability was reported in Microsoft Remote Desktop on Windows XP. A remote authenticated user can restart the system.

In August 2004, Microsoft reported that a remote authenticated user can access the target system and issue the Tsshutdn command to restart a Windows XP-based system.

Impact: A remote authenticated user can cause the system to restart.

Solution: The vendor has issued a fix as part of Windows XP SP2. The knowledge base article describing this issue is available at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;838202

Vendor URL: support.microsoft.com/default.aspx?scid=kb;en-us;838202 (Links to External Site)

Cause: Access control error

Underlying OS:

Message History: None.

Source Message Contents

Date: Fri, 22 Oct 2004 19:33:24 -0500
Subject: Any Authenticated User can Restart or Shutdown a Remote WinXP computer


http://support.microsoft.com/default.aspx?scid=kb;en-us;838202 states:
Windows XP can be restarted remotely by a non-administrative user
Any user who is a member of the Authenticated Users group can use the Tsshutdn command to restart a remote Windows XP-based computer.

This problem is fixed in SP2...Might be the best reason for a corporation to upgrade.

G.D


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the
 message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office
 messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the
 message and place it in your TO: field.
--

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC