Click here to get back home

Remote Desktop Protocol Server Private Key Disclosure Vulnerability
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Remote Desktop Protocol Server Private Key Disclosure Vulnerability Sabo, Eric 03-30-2008
Posted by Sabo, Eric on March 30, 2008, 9:34 am
Please log in for more thread options
 Does anyone know if this issue has ever been resolved by Microsoft in
Windows 2003 SP2 with the latest patches ?

Thanks in advance,
Eric Sabo


Posted by neo [mvp outlook] on March 30, 2008, 9:53 am
Please log in for more thread options
 Yes, with SP1 for Windows 2003. Basically the big hoopla is that RDP is
suspectiable to man-in-the-middle attacks. Starting with SP1, you can now
secure RDP using SSL/TLS.

This link helps explain things...
http://weblog.maximumasp.com/archive/2006/10/16/RDP-over-SSL.aspx


> Does anyone know if this issue has ever been resolved by Microsoft in
> Windows 2003 SP2 with the latest patches ?
>
> Thanks in advance,
> Eric Sabo



Posted by Sabo, Eric on March 31, 2008, 10:00 am
Please log in for more thread options
I thought Microsoft fixed this in a security bulletin last year. KB920214 I
believe was the fix but still certain scanning tools pick this up as a hole.


> Yes, with SP1 for Windows 2003. Basically the big hoopla is that RDP is
> suspectiable to man-in-the-middle attacks. Starting with SP1, you can now
> secure RDP using SSL/TLS.
>
> This link helps explain things...
> http://weblog.maximumasp.com/archive/2006/10/16/RDP-over-SSL.aspx
>
>
>> Does anyone know if this issue has ever been resolved by Microsoft in
>> Windows 2003 SP2 with the latest patches ?
>>
>> Thanks in advance,
>> Eric Sabo
>
>


Posted by neo [mvp outlook] on April 1, 2008, 7:25 pm
Please log in for more thread options
Weird, this KB article refers to Outlook Express/Inetcomm.

>I thought Microsoft fixed this in a security bulletin last year. KB920214
>I believe was the fix but still certain scanning tools pick this up as a
>hole.
>
>
>> Yes, with SP1 for Windows 2003. Basically the big hoopla is that RDP is
>> suspectiable to man-in-the-middle attacks. Starting with SP1, you can
>> now secure RDP using SSL/TLS.
>>
>> This link helps explain things...
>> http://weblog.maximumasp.com/archive/2006/10/16/RDP-over-SSL.aspx
>>
>>
>>> Does anyone know if this issue has ever been resolved by Microsoft in
>>> Windows 2003 SP2 with the latest patches ?
>>>
>>> Thanks in advance,
>>> Eric Sabo
>>
>>
>



Posted by Sabo, Eric on April 2, 2008, 9:30 pm
Please log in for more thread options
I guess there is really no straight answer for this.



> Weird, this KB article refers to Outlook Express/Inetcomm.
>
>>I thought Microsoft fixed this in a security bulletin last year. KB920214
>>I believe was the fix but still certain scanning tools pick this up as a
>>hole.
>>
>>
>>> Yes, with SP1 for Windows 2003. Basically the big hoopla is that RDP is
>>> suspectiable to man-in-the-middle attacks. Starting with SP1, you can
>>> now secure RDP using SSL/TLS.
>>>
>>> This link helps explain things...
>>> http://weblog.maximumasp.com/archive/2006/10/16/RDP-over-SSL.aspx
>>>
>>>
>>>> Does anyone know if this issue has ever been resolved by Microsoft in
>>>> Windows 2003 SP2 with the latest patches ?
>>>>
>>>> Thanks in advance,
>>>> Eric Sabo
>>>
>>>
>>
>
>


Similar ThreadsPosted
Remote Desktop Protocol October 29, 2007, 5:16 pm
Securing Remote Desktop To Server August 11, 2005, 10:30 am
Windows Small Business Server 2003 Premium and Remote Desktop June 8, 2006, 6:09 pm
Remote desktop February 21, 2006, 3:25 pm
SSL and Remote Desktop February 27, 2008, 7:53 pm
Windows Media Player vulnerability in Win2K3 Server with SP2 October 25, 2007, 2:06 pm
Can connect via Remote Desktop September 26, 2005, 12:36 pm
remote desktop security February 18, 2006, 5:38 pm
Windows Remote Desktop April 16, 2006, 7:17 am
Secure Remote Desktop August 10, 2006, 11:00 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap