Microsoft RDP flaws could allow sniffing and DOS(Q324380)

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, and Remote Data Protocol (RDP) version 5.1 in Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command. Impact of vulnerability: Two vulnerabilities: information disclosure, denial of service. Maximum Severity Rating: Moderate. Recommendation: Administrators of Windows 2000 terminal servers and Windows XP users who have enabled Remote Desktop should apply the patch. Affected Software: Microsoft Windows 2000 Microsoft Windows XP