Patch available for invalid RDP data vulnerability
View products that this article applies to.
Article ID : 286132 
Last Review : June 22, 2004 
Revision : 4.0 
This article was previously published under Q286132
SYMPTOMS
Microsoft has released a patch that eliminates a security vulnerability on 
Windows 2000-based computers that are running Terminal Services. The 
vulnerability could allow a malicious user to cause an affected server to 
display an error message on a blue screen or stop responding (hang).

The implementation of the Remote Data Protocol (RDP) in Windows 2000 does 
not correctly handle a particular series of data packets. If such a series 
of packets are received by an affected server, the server may display an 
error message on a blue screen or hang. You can resolve the problem by 
rebooting the server, but any work in progress at the time of the attack 
is lost. 

The malicious user does not need to start a session with an affected 
server to exploit this vulnerability; the malicious user needs only to 
send the correct series of packets to the RDP port on the server. The 
specific sequence of data packets involved in this vulnerability cannot be 
generated as part of a legitimate Terminal Services session.

Computers that are running Microsoft Windows NT Server 4.0, Terminal 
Services Edition are not affected by this vulnerability. 
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. 
For additional information, click the following article number to view the 
article in the Microsoft Knowledge Base: 
260910 (http://support.microsoft.com/kb/260910/) How to obtain the latest 
Windows 2000 service pack 
The following file is available for download from the Microsoft Download 
Center:

US English: 
 
http://download.microsoft.com/download/win2000platform/Patch/q286132/NT5/EN-US/Q286132_W2K_SP2_x86_en.EXE 
(http://www.microsoft.com/downloads/release.asp?releaseid=27500)
Chinese (Simplified): 
Download Q286132_w2k_sp2_x86_cn.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27553)
Chinese (Traditional): 
Download Q286132_w2k_sp2_x86_57.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27557)
Czech: 
Download Q286132_w2k_sp2_x86_cs.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27555)
Dutch: 
Download Q286132_w2k_sp2_x86_nl.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27579)
French: 
Download Q286132_w2k_sp2_x86_fr.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27573)
German: 
Download Q286132_w2k_sp2_x86_de.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27587)
Hungarian: 
Download Q286132_w2k_sp2_x86_hu.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27575)
Italian: 
Download Q286132_w2k_sp2_x86_it.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27576)
Japanese: 
Download Q286132_w2k_sp2_x86_ja.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27554)
Korean: 
Download Q286132_w2k_sp2_x86_ko.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27556)
Polish: 
Download Q286132_w2k_sp2_x86_pl.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27581)
Portuguese: 
Download Q286132_w2k_sp2_x86_pt.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27582)
Portuguese (Brazil): 
Download Q286132_w2k_sp2_x86_br.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27560)
Russian: 
Download Q286132_w2k_sp2_x86_ru.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27584)
Spanish: 
Download Q286132_w2k_sp2_x86_es.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27562)
Swedish: 
Download Q286132_w2k_sp2_x86_sv.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27585)
Turkish: 
Download Q286132_w2k_sp2_x86_tr.exe now 
(http://www.microsoft.com/downloads/release.asp?releaseid=27586)
For additional information about how to download Microsoft Support files, 
click the following article number to view the article in the Microsoft 
Knowledge Base: 
119591 (http://support.microsoft.com/kb/119591/EN-US/) How to Obtain 
Microsoft Support Files from Online Services 
Microsoft scanned this file for viruses. Microsoft used the most current 
virus-detection software that was available on the date that the file was 
posted. The file is stored on security-enhanced servers that help to 
prevent any unauthorized changes to the file. The English-language version 
of this fix should have the following file attributes or later:    Date        
Time    Version        Size     File name     Encryption
   -----------------------------------------------------------------------
   01/25/2001  11:57a  5.0.2195.2847  106,256  Instrdp5.dll  not available
   01/25/2001  11:57a  5.0.2195.2847   88,056  Rdpwd.sys     40-bit
   01/25/2001  11:57a  5.0.2195.2847   88,024  Rdpwd.sys     56-bit
				


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products 
that are listed in the "Applies to" section. This problem was first 
corrected in Windows 2000 Service Pack 2.
MORE INFORMATION
For more information, view the following Microsoft Security Bulletin Web 
site: 
http://www.microsoft.com/technet/security/bulletin/MS01-006.mspx 
(http://www.microsoft.com/technet/security/bulletin/ms01-006.asp)
For additional information about how to install Windows 2000 and Windows 
2000 hotfixes at the same time, click the following article number to view 
the article in the Microsoft Knowledge Base: 
249149 (http://support.microsoft.com/kb/249149/) Installing Microsoft 
Windows 2000 and Windows 2000 hotfixes 

--------------------------------------------------------------------------------

APPLIES TO
• Microsoft Windows 2000 Service Pack 1 
• Microsoft Windows 2000 Advanced Server SP1