Microsoft Terminal Server

New (3.1.1)

Impact

A vulnerability in Microsoft Windows NT 4.0 Terminal Server could allow a remote attacker to execute arbitrary code.

Background

The Windows NT 4.0 Terminal Server Edition adds Windows based terminal support to the Windows NT 4.0 Server. It allows use of the Windows NT operating system from platforms that otherwise could not run Windows NT, such as Win16, Macintosh, and Unix.

The Problem

A buffer overflow in the code that handles the terminal server's login prompt could allow a remote attacker to execute arbitrary code without logging in. This could allow the attacker to read, modify, or delete files, or upload programs and run them.

Windows NT 4.0 Terminal Server is affected by this vulnerability, unless the patch has been applied.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 00-087. It is also a good idea to filter TCP port 3389 at the firewall or router, such that only connections from legitimate users will be accepted.

Where can I read more about this?

For more information, see Microsoft Security Bulletin 00-087 and the Frequently Asked Questions about this vulnerability.