Vulnerability in Remote Desktop Protocol (RDP)
Last Updated: Jul 23 2005 09:09, Started by Tyby, Jul 22 2005 11:32
#1
Posted 22 July 2005 - 11:32
http://www.microsoft...ory/904797.mspx
Quote:
Microsoft is investigating new public reports of a vulnerability in Remote Desktop Services. We have not been made aware of attacks that try to use the reported vulnerability or of customer impact at this time, but we are aggressively investigating the public reports. Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system. Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system. Services that utilize the Remote Desktop Protocol are not enabled by default, however if a service were enabled, an attacker could cause this system to restart.
#2
Posted 22 July 2005 - 11:36
Yeah, I also got an email from eEye:
Quote:
About the Vulnerability
eEye Digital Security researchers did not discover this vulnerability, but the researcher who did has consulted with eEye and has provided some additional details about this issue to help us confirm the analysis and assess the risk that it poses. Without going into complete details on this issue, we will explain the already public details and dispel some misconceptions reported by the media.
The first misconception was reported last week. Some known security experts were quoted saying that there is a high likelihood that this vulnerability can be exploited to run arbitrary code on the target systems. This is completely false. The Microsoft analysis on this bug is, in this case, 100% correct and the potential result of a successful exploit is nothing more severe than a DoS. Once details are released, the eEye research team may explain the technical reasons behind why this flaw does not lead to an opportunity to execute arbitrary commands, and offer a look at the exact code behind the vulnerability. Because there is no opportunity to run arbitrary code, this also removes the possibility for this flaw to be used in a worm attack.
As far as attack scenarios go, this vulnerability can be utilized in a Denial of Service (DoS) attack or a blended attack where the attacker requires the ability to force a remote system to reboot. Causing a DoS on a target system would force either an automatic or manual reboot to be required, depending on the target system's configuration.
So what exactly is this vulnerability? This question is difficult to answer without discussing information that is not already public knowledge. A specific driver, RDPWD.SYS, is present on Windows 2000, Windows 2003, and Windows XP. All versions of Windows including Windows XP SP2 are vulnerable, but as mentioned above, only if the RDP service is enabled.

So the maximum impact would be a DoS and not remote code execution, as rumor has it.
It would be interesting to see whether it also affects the TSAC component (RDP from the browser via an ActiveX control).
Edited by PreTXT, 22 July 2005 - 11:37.
#3
Posted 22 July 2005 - 11:56
Yes, I got mine from eEye too. Dunno what the heck, MS still hasn't sent word by email.
From what I've managed to find so far, I understand it should affect the AX too ... but it remains to be seen what MS says on that front. Anyway, filtering remains sacred for RDP. It annoys me when I don't have direct access from various public / mobile places, but it's safer this way ... For now.
#4
Posted 22 July 2005 - 12:21
Tyby, on Jul 22 2005, 12:56, said: Anyway, filtering remains sacred for RDP. It annoys me when I don't have direct access from various public / mobile places, but it's safer this way ... For now.

That applies anyway to any remote admin tool ... I wouldn't do administration over the Internet, regardless of the toy (encrypted vnc, ssh, etc.) .. VPN tunneling with AES 256 is sacred! After that ... use telnet too if you want.
#5
Posted 23 July 2005 - 09:09
Pretty bad, especially since my main work tool is RDC. Luckily it goes through VPN.
Even worse that Microsoft didn't release a patch right away. Listen to their fix: block the RDP port. Or run windows/microsoft update, maybe it'll work. Telnet is telnet, but I need a GUI.
Edited by ezekio, 23 July 2005 - 09:35.