Denial of Service in Microsoft Windows 2000 Terminal Services

a stressed employee at their laptop and collaboration icons gone amok

Sep 13, 2024

4 Min Read

Unified Communications

Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?

display of new apple products and features

Sep 12, 2024

4 Min Read

Recent in OS

See All OS

MacOS

Apple Unveils iPhone 16 Built for AI; Apple Intelligence Coming to Product Lineup Apple Unveils iPhone 16 Built for AI; Apple Intelligence Coming to Product Lineup

byLiz Hughes, AI Business

Sep 10, 2024

1 Min Read

A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello

PowerShell

PowerShell Speech Recognition: How To Set up Voice Commands and Responses PowerShell Speech Recognition: How To Set up Voice Commands and Responses

2 college students sitting on the lawn studying together

Sep 6, 2024

10 Min View

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

8 Essential Back-to-School Gadgets to Power Through Your Semester 8 Essential Back-to-School Gadgets to Power Through Your Semester

byNathan Eddy

Sep 14, 2024

8 Slides

person clicking on a Talent button

Skills-Based Hiring in IT: How to Do It Right Skills-Based Hiring in IT: How to Do It Right

byJohn Edwards, InformationWeek

Sep 13, 2024

1 Min Read

Career

Recent in Career

See All Career Mgmt

ITPro Today's tech careers quick reference guide cover

Career Management

Tech Careers: Quick Reference Guide to IT Job Titles Tech Careers: Quick Reference Guide to IT Job Titles

byChristopher Tozzi

Sep 13, 2024

1 Min Read

person clicking on a Talent button

Skills-Based Hiring in IT: How to Do It Right Skills-Based Hiring in IT: How to Do It Right

byJohn Edwards, InformationWeek

Sep 13, 2024

1 Min Read

Storage

Recent in Storage

See All Data Storage

a moving cloud shape with the words object storage inside

Data Storage

Maximize Cloud Efficiency: What Is Object Storage?Maximize Cloud Efficiency: What Is Object Storage?

an AI processor chip in a cube

Sep 10, 2024

7 Min Read

A Guide to Storage for AI Workloads A Guide to Storage for AI Workloads

byChristopher Tozzi

Sep 9, 2024

4 Min Read

Security

Recent in Security

See All IT Security

list of domains within the umbrella category of IT security

IT Security

What Is IT Security? Essentials of IT Security Explained What Is IT Security? Essentials of IT Security Explained

a digital padlock and the words network security

Sep 16, 2024

7 Min Read

Vulnerabilities & Threats

White House Road Map Provides Guidance on BGP Internet Routing Security White House Road Map Provides Guidance on BGP Internet Routing Security

byBrian T. Horowitz, Network Computing

Sep 12, 2024

1 Min Read

Dev

Recent in Dev

See All Software Dev

programmers collaborating

Programming Languages

International Programmers' Day: Celebrating the Unsung Heroes International Programmers' Day: Celebrating the Unsung Heroes

byRick Dagley

Sep 12, 2024

4 Min Read

continuous glucose monitor on a smartphone app

Unlocking the Power of AI and ML to Improve Remote Patient Monitoring Unlocking the Power of AI and ML to Improve Remote Patient Monitoring

See All Digital Transformation

Sep 9, 2024

6 Min Read

Recent in DX

logo for OpenAI displayed on a smartphone device

OpenAI Nears Release of ‘Strawberry’ Model, With Reasoning Capabilities OpenAI Nears Release of ‘Strawberry’ Model, With Reasoning Capabilities

byBloomberg News

Sep 12, 2024

2 Min Read

a technological background with the outline of a illuminated human profile

How AI Is Propelling Data Visualization Techniques How AI Is Propelling Data Visualization Techniques

data tunnel in quantum computing, computer generated abstract background

Sep 11, 2024

6 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

High Performance Computing

Boeing To Demonstrate Quantum Networking in Space Boeing To Demonstrate Quantum Networking in Space

byBerenice Baker, Enter Quantum

Sep 13, 2024

1 Min Read

AI chip

High Performance Computing

GPU Costs Aren't Infinitely Scalable — What Can Be Done?GPU Costs Aren't Infinitely Scalable — What Can Be Done?

a stressed employee at their laptop and collaboration icons gone amok

Sep 13, 2024

4 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Microsoft Windows
Operating Systems

Denial of Service in Microsoft Windows 2000 Terminal Services

A vulnerability in Windows 2000 Server Terminal Services can permit a malicious user to force a reboot of the terminal server.

Ken Pfeil

January 30, 2003

1 Min Read

VERSIONS AFFECTED

Microsoft Windows 2000 Server Terminal Services

DESCRIPTION

A vulnerability in Windows 2000 Server Terminal Services can permit a malicious user to force a reboot of the terminal server.

DEMONSTRATION

The discoverer posted the following scenario as proof of concept:

Exploit
-------

1. Open %systemroot%system32msgina.dll for exclusive access (read lock).I used Radsoft's hexview.exe from Rix2K to do so.

2. Open a new connection to the server through RDP/ICA.

3. Click Restart in the warning dialog box ("msgina.dll failed to load") that appears.

Tested on Windows 2000 Server Service Pack 2 (SP2) with Microsoft Internet Exploror (IE) 5.5 and Windows 2000 Server SP3 with IE 5.5.

VENDOR RESPONSE

Microsoft hasn't released a fix or a response. The discoverer posted a workaround for Windows 2000 that suggests removing all permissions on msgina.dll for Power Users, Users, and Everyone.

CREDIT

Discovered by Jonathan Hunter.

About the Author

Ken Pfeil

See more from Ken Pfeil

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

Unified Communications

Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?

person placing a block between two columns of blocks

Sep 12, 2024

4 Min Read