SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (Microsoft)  >  Windows Remote Desktop Application Vendors:  Microsoft
Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System
SecurityTracker Alert ID:  1011940
SecurityTracker URL:  http://securitytracker.com/id?1011940
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 26 2004
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to SP2
Description:  A vulnerability was reported in Microsoft Remote Desktop on Windows XP. A remote authenticated user can restart the system.

In August 2004, Microsoft reported that a remote authenticated user can access the target system and issue the Tsshutdn command to restart a Windows XP-based system.
Impact:  A remote authenticated user can cause the system to restart.
Solution:  The vendor has issued a fix as part of Windows XP SP2. The knowledge base article describing this issue is available at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;838202
Vendor URL:  support.microsoft.com/default.aspx?scid=kb;en-us;838202 (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (XP)
Reported By:  "G. Dell'Abate" <bababooey@USA.COM>
Message History:   None.

 Source Message Contents
Date:  Fri, 22 Oct 2004 19:33:24 -0500
From:  "G. Dell'Abate" <bababooey@USA.COM>
Subject:  Any Authenticated User can Restart or Shutdown a Remote WinXP computer

 

http://support.microsoft.com/default.aspx?scid=kb;en-us;838202 states:
Windows XP can be restarted remotely by a non-administrative user
Any user who is a member of the Authenticated Users group can use the Tsshutdn command to restart a r
emote Windows XP-based computer.

This problem is fixed in SP2...Might be the best reason for a corporation to upgrade.

G.D


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such that just hitting rep
ly is going to result in the
 message coming to the list, not to the individual who sent the message. This was done to help reduce
 the number of Out of Office
 messages posters received. So if you want to send a reply just to the poster, you'll have to copy th
eir email address out of the
 message and place it in your TO: field.
--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC