Microsoft Security Bulletin MS01-052
Invalid RDP Data can Cause Terminal Service Failure
Originally posted: October 18, 2001
Updated: May 11, 2004
Who should read this bulletin:
System administrators who operate terminal servers using either Microsoft® Windows NT® 4.0 or Windows® 2000.
Impact of vulnerability:
Denial of service
Maximum risk rating:
Apply patch to all Windows NT 4.0 or Windows 2000 terminal servers.
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
Microsoft thanks Luciano Martins of Deloitte & Touche Argentina (http://www.deloitte.com.ar) for reporting this issue to us and working with us to protect customers. Microsoft also thanks Neil Begin of FSC Internet Corp. (http://www.fscinternet.com) for working with us on the issued addressed with the 3.0 update of this security bulletin.
- Microsoft Knowledge Base article q307454 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (October 18, 2001): Bulletin Created.
- V2.0 (October 22, 2001): Bulletin updated to advise customers that the version of the Windows 2000 patch released on October 18, 2001, contained an error that has been corrected.
- V2.1 (June 13, 2003): Updated download links to Windows Update.
- V3.0 (May 11, 2004): Microsoft has released a revised version of the Windows NT Server 4.0 Terminal Server Edition security update.