Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2418 |
Message | MISC MS Terminal Server no encryption session initiation attempt |
Summary | This event is generated when an attempt is made to connect to a Microsoft Terminal Server without using encryption. |
Impact | Serious. Denial of Service. |
Detailed Information | Microsoft Windows Terminal Server for NT systems fails to correctly validate RDP data from client machines that do not use encryption. |
Affected Systems | Microsoft Windows Terminal Server |
Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the DoS. |
Ease of Attack | Simple. Exploit software exists. |
Corrective Action | Apply the appropriate vendor supplied patch. |
Additional References | |
Rule References | url: www.microsoft.com/technet/security/bulletin/MS01-052.mspx |
--
DID:883901
--
http://www.aanval.com/