Microsoft Rushes to Fix Critical XP Flaw
Microsoft is rushing to patch a critical flaw in the Windows Remote Desktop Service, which affects fully updated Windows XP machines. An attacker could exploit the problem to mount a denial-of-service attack that crashes the PC with a Windows "blue screen of death."
Microsoft was informed of the flaw on May 4, and plans to issue a patch in its August security bulletin. The problem was discovered by Security Protocols, which posted a screenshot of a system being crashed.
"The issue was originally privately reported to Microsoft and we are working on an update that will be released when it is of the appropriate quality," a Microsoft spokesperson said. "The concern is that this has now gone public, potentially putting customers at risk."
Company officials said, however, that there was little risk of code being executed on a remote machine. The DoS attack would simply overload the Remote Desktop service and cause a PC to stop responding.
Windows 2000 Service Pack 4 and Windows Server 2003 are also potentially affected, Microsoft said.
Security firm Secunia has rated the problem "moderately critical" in an advisory. The firm noted that Remote Desktop is disabled by default on all Windows XP systems, except XP Media Center Edition. As a temporary solution, users can disable the service.