Terminal Services Man In the Middle Vulnerability

[Guest Phil McNeill]

Is the MITM vulnerability method described here still an issue with the

latest versions of TS clients and 2003 TS server?

 

http://www.securiteam.com/windowsntfocus/5EP010KG0G.html

[Guest TP]

Re: Terminal Services Man In the Middle Vulnerability

 

No, not an issue, but you need to take the necessary steps.

Preferrably you will need to obtain a public certificate ($12/yr),

install it on the server, and then configure the TS server to

use SSL for the security layer. 2003 SP1 or later is required.

 

On the client side, you need to use version 5.2.3790.1830 or

later, as well as set it to Require Authentication (preferred) or

Attempt Authentication.

 

-TP

 

Phil McNeill wrote:

> Is the MITM vulnerability method described here still an issue with

> the latest versions of TS clients and 2003 TS server?

>

> http://www.securiteam.com/windowsntfocus/5EP010KG0G.html