| GEN:SID | 1:2418 |
| Message | MISC MS Terminal Server no encryption session initiation attempt |
| Summary | This event is generated when an attempt is made to connect to a Microsoft Terminal Server without using encryption. |
| Impact | Serious. Denial of Service. |
| Detailed Information | Microsoft Windows Terminal Server for NT systems fails to correctly validate RDP data from client machines that do not use encryption. |
| Affected Systems | Microsoft Windows Terminal Server |
| Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the DoS. |
| Ease of Attack | Simple. Exploit software exists. |
| Corrective Action | Apply the appropriate vendor-supplied patch. |
| Additional References | |
| Rule References | url: www.microsoft.com/technet/security/bulletin/MS01-052.mspx |