Microsoft admits to Media Center hole
Just posted this on my blog here
While its reported as a hole in Media Center it’s actualy common to all XP machines, its just that Remote Desktop is enabled on MCE boxes
Microsoft is developing a patch for a newly discovered security flaw in versions of Windows XP which poses a particular threat to computers running XP Media Center edition.
The flaw is in Windows Remote Desktop Services (RDS) and could allow a hacker to cause a computer to crash repeatedly by sending specially crafted data packets.
Although all versions of XP have RDS, it is only turned on as standard in Media Center edition.
“Our investigation has determined that this is limited to a denial of service attack, so an attacker could not use this vulnerability to take complete control of a system,” said Microsoft in a security advisory.
“Services that use the Remote Desktop Protocol are not enabled by default, but if a service were enabled an attacker could cause this system to restart.”
Microsoft admits to Media Center hole - vnunet.com