GEN:SID | 1:2418 |
Message | MISC MS Terminal Server no encryption session initiation attempt |
Summary | This event is generated when an attempt is made to connect to a Microsoft Terminal Server without using encryption.
|
Impact | Serious. Denial of Service.
|
Detailed Information | Microsoft Windows Terminal Server for NT systems fails to correctly validate RDP data from client machines that do not use encryption.
|
Affected Systems | Microsoft Windows Terminal Server
|
Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the DoS.
|
Ease of Attack | Simple. Exploit software exists.
|
Corrective Action | Apply the appropriate vendor supplied patch.
|
Additional References | |
Rule References | url: www.microsoft.com/technet/security/bulletin/MS01-052.mspx
|