xp remote desktop bluescreen or how to shoot your pc

- i have posted this bug report more than one year ago already -

Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:

Here comes the procedure to reproduce a severe bug in the windows xp
terminal service (RDPDD.dll):

Set up a windows xp pro host and connect then from a remote computer via
remote desktop.

1)
connect and logon (create new session) at color depth 15bit

2)
disconnect (leave the user logged on)

3)
connect and logon to the created session at color depth 16bit

4)
disconnect

5)
connect and logon to the created sesseion at color despth 15bit

-> voila, the remote desktop host system reboots!

- I can reproduce this bug on all 4 availble computers (all xp pro with sp3)
at my location.

techsc wrote:
> - i have posted this bug report more than one year ago already -
>
> Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
>
> Here comes the procedure to reproduce a severe bug in the windows xp
> terminal service (RDPDD.dll):
>
> Set up a windows xp pro host and connect then from a remote
> computer via remote desktop.
>
> 1)
> connect and logon (create new session) at color depth 15bit
>
> 2)
> disconnect (leave the user logged on)
>
> 3)
> connect and logon to the created session at color depth 16bit
>
> 4)
> disconnect
>
> 5)
> connect and logon to the created sesseion at color despth 15bit
>
> -> voila, the remote desktop host system reboots!
>
> - I can reproduce this bug on all 4 availble computers (all xp pro
> with sp3) at my location.

ATI video cards?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

The bug is not related to any video card. I can reproduce the bsod on ati,
nvidia and even on vmware virtual machine cards. Anyone can try it.

"Shenan Stanley" wrote:

> techsc wrote:
> > - i have posted this bug report more than one year ago already -
> >
> > Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
> >
> > Here comes the procedure to reproduce a severe bug in the windows xp
> > terminal service (RDPDD.dll):
> >
> > Set up a windows xp pro host and connect then from a remote
> > computer via remote desktop.
> >
> > 1)
> > connect and logon (create new session) at color depth 15bit
> >
> > 2)
> > disconnect (leave the user logged on)
> >
> > 3)
> > connect and logon to the created session at color depth 16bit
> >
> > 4)
> > disconnect
> >
> > 5)
> > connect and logon to the created sesseion at color despth 15bit
> >
> > -> voila, the remote desktop host system reboots!
> >
> > - I can reproduce this bug on all 4 availble computers (all xp pro
> > with sp3) at my location.
>
> ATI video cards?
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>

techsc wrote:
> - i have posted this bug report more than one year ago already -
>
> Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
>
> Here comes the procedure to reproduce a severe bug in the windows xp
> terminal service (RDPDD.dll):
>
> Set up a windows xp pro host and connect then from a remote
> computer via remote desktop.
>
> 1)
> connect and logon (create new session) at color depth 15bit
>
> 2)
> disconnect (leave the user logged on)
>
> 3)
> connect and logon to the created session at color depth 16bit
>
> 4)
> disconnect
>
> 5)
> connect and logon to the created sesseion at color despth 15bit
>
> -> voila, the remote desktop host system reboots!
>
> - I can reproduce this bug on all 4 availble computers (all xp pro
> with sp3) at my location.

Shenan Stanley wrote:
> ATI video cards?

techsc wrote:
> The bug is not related to any video card. I can reproduce the bsod
> on ati, nvidia and even on vmware virtual machine cards. Anyone can
> try it.

It's Windows XP - it's pretty much a dead horse.
A year ago - it was actually pretty much a dead horse. ;-)

Not to mention - I am unsure why anyone would do what you specify - and I am
just meaning connecting at such a low color depth, much less this change
from low to slightly higher back to low.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Your comment does not help at all.

It is a bug in Windows XP and after one year there is still no reaction or
fix available.

"Shenan Stanley" wrote:

> techsc wrote:
> > - i have posted this bug report more than one year ago already -
> >
> > Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
> >
> > Here comes the procedure to reproduce a severe bug in the windows xp
> > terminal service (RDPDD.dll):
> >
> > Set up a windows xp pro host and connect then from a remote
> > computer via remote desktop.
> >
> > 1)
> > connect and logon (create new session) at color depth 15bit
> >
> > 2)
> > disconnect (leave the user logged on)
> >
> > 3)
> > connect and logon to the created session at color depth 16bit
> >
> > 4)
> > disconnect
> >
> > 5)
> > connect and logon to the created sesseion at color despth 15bit
> >
> > -> voila, the remote desktop host system reboots!
> >
> > - I can reproduce this bug on all 4 availble computers (all xp pro
> > with sp3) at my location.
>
> Shenan Stanley wrote:
> > ATI video cards?
>
> techsc wrote:
> > The bug is not related to any video card. I can reproduce the bsod
> > on ati, nvidia and even on vmware virtual machine cards. Anyone can
> > try it.
>
> It's Windows XP - it's pretty much a dead horse.
> A year ago - it was actually pretty much a dead horse. ;-)
>
> Not to mention - I am unsure why anyone would do what you specify - and I am
> just meaning connecting at such a low color depth, much less this change
> from low to slightly higher back to low.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>

On Sun, 5 Jul 2009 18:24:07 -0500, "Shenan Stanley"
<(E-Mail Removed)> wrote:

>techsc wrote:
>> - i have posted this bug report more than one year ago already -
>>
>> Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
>>
>> Here comes the procedure to reproduce a severe bug in the windows xp
>> terminal service (RDPDD.dll):
>>
>> Set up a windows xp pro host and connect then from a remote
>> computer via remote desktop.
>>
>> 1)
>> connect and logon (create new session) at color depth 15bit
>>
>> 2)
>> disconnect (leave the user logged on)
>>
>> 3)
>> connect and logon to the created session at color depth 16bit
>>
>> 4)
>> disconnect
>>
>> 5)
>> connect and logon to the created sesseion at color despth 15bit
>>
>> -> voila, the remote desktop host system reboots!
>>
>> - I can reproduce this bug on all 4 availble computers (all xp pro
>> with sp3) at my location.
>
>Shenan Stanley wrote:
>> ATI video cards?
>
>techsc wrote:
>> The bug is not related to any video card. I can reproduce the bsod
>> on ati, nvidia and even on vmware virtual machine cards. Anyone can
>> try it.
>
>It's Windows XP - it's pretty much a dead horse.
>A year ago - it was actually pretty much a dead horse. ;-)
>
>Not to mention - I am unsure why anyone would do what you specify - and I am
>just meaning connecting at such a low color depth, much less this change
>from low to slightly higher back to low.
>

Not very constructive. The fact it is reproducible across a variety of
platforms is cause enough for concern. XP is far from dead, since MS
has yet to produce a newer system in sufficient population and appeal
to supplant all the installed XP boxes, it should still be on the
table for a fix. It's a bug that should have been detected and fixed
by now. The bug is reproducible on my Dell laptops and HP desktops.

If this scenario, or something like it, can be shown to kill a machine
during the connect process without needing a valid login it would make
for a fine denial of service attack. Since the code base for RDP is
probably close to if not identical to Terminal Services it could be
used to take down a TS box. It demonstrates a potential vulnerability
that could be exploited as a DoS or, with the proper frames, a way
into a kernel driver for elevation of privilege.

To techsc: this is not a proper place for a bug report in any case.
This should be submitted to the Microsoft support team as a proper bug
report, not in the newsgroups. You won't get much action from MS by
posting here, as you have demonstrated.

techsc wrote:
> - i have posted this bug report more than one year ago already -
>
> Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
>
> Here comes the procedure to reproduce a severe bug in the windows xp
> terminal service (RDPDD.dll):
>
> Set up a windows xp pro host and connect then from a remote
> computer via remote desktop.
>
> 1)
> connect and logon (create new session) at color depth 15bit
>
> 2)
> disconnect (leave the user logged on)
>
> 3)
> connect and logon to the created session at color depth 16bit
>
> 4)
> disconnect
>
> 5)
> connect and logon to the created sesseion at color despth 15bit
>
> -> voila, the remote desktop host system reboots!
>
> - I can reproduce this bug on all 4 availble computers (all xp pro
> with sp3) at my location.

Shenan Stanley wrote:
> ATI video cards?

techsc wrote:
> The bug is not related to any video card. I can reproduce the bsod
> on ati, nvidia and even on vmware virtual machine cards. Anyone can
> try it.

Shenan Stanley wrote:
> It's Windows XP - it's pretty much a dead horse.
> A year ago - it was actually pretty much a dead horse. ;-)
>
> Not to mention - I am unsure why anyone would do what you specify -
> and I am just meaning connecting at such a low color depth, much
> less this change from low to slightly higher back to low.

techsc wrote:
> Your comment does not help at all.
>
> It is a bug in Windows XP and after one year there is still no
> reaction or fix available.

To be clearer, I wouldn't expect a reaction or a fix if I were you.

It's great that you found a problem (albeit one I doubt many people would
ever run into, nor do I immediately see any exploitable concept in it) and
fantastic that you reported it. However - you reported it (supposedly) one
year ago. That would be July 2008. Windows Vista (the supposed replacement
for Windows XP) was released to businesses in November 2006 and to the
public in January 2007. Windows XP SP3 (which did make changes to the
Remote Desktop client - at least, if not to the entire sub-system) was
released in late April/early May 2008.

I see the first report of the problem you speak of (public - possibly you?)
here:
http://forums.nvidia.com/index.php?showtopic=84939

And I never said it was not an issue - I agree it is a curiosity and could
be, in unique cases, a valid issue for some users. It would be more of a
problem (for Microsoft to put attention to) and not just an issue if (1) it
did it on Windows Vista (does it?) and/or if it did it on Windows 7 (does
it?) and/or the server OSes and/or (2) it did it whether or not you logged
into the remote Windows XP desktop (you seem to actually have to log into
the remote desktop - meaning I couldn't write a script to hit some random
machine and crash it without having a valid logon/open session.) (2) would
make it a serious flaw - exploitable. (1) would make it a current issue.

I don't disagree - if you properly reported the issue via correct channels a
year ago (as you say) - then in a supported OS (Windows XP is a supported -
for now - OS) you should get some sort of statement - at the very least.
However - I wouldn't expect one as you have presented the issue. Not saying
you *shouldn't* expect one, I'm just doubting you will get one.

The only way *I* (as a peer) could help you with a flaw such as this is to
suggest you not change the color depth in such a pattern as you have found
to be disruptive and log into remote Windows XP machines in the given
specific fashion. It's a work-around, to be sure. Choose a specific color
depth and stick with it and/or log off the remote computer when done with a
forced 'different' color depth for 'speed' reasons - I suppose.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

@Geoff:

You've pointed out the real nature of the issue.

I have my reasons, why sometimes people connect with different color depth -
for performance reasons or simply by accident. However, this is not the point.

It is a real bad bug.

Please: How can I report that bug to Microsoft correctly?

Thank you
Chris

"Geoff" wrote:

> On Sun, 5 Jul 2009 18:24:07 -0500, "Shenan Stanley"
> <(E-Mail Removed)> wrote:
>
> >techsc wrote:
> >> - i have posted this bug report more than one year ago already -
> >>
> >> Windows XP Pro En SP3 Remote Desktop Blue Screen Procedure:
> >>
> >> Here comes the procedure to reproduce a severe bug in the windows xp
> >> terminal service (RDPDD.dll):
> >>
> >> Set up a windows xp pro host and connect then from a remote
> >> computer via remote desktop.
> >>
> >> 1)
> >> connect and logon (create new session) at color depth 15bit
> >>
> >> 2)
> >> disconnect (leave the user logged on)
> >>
> >> 3)
> >> connect and logon to the created session at color depth 16bit
> >>
> >> 4)
> >> disconnect
> >>
> >> 5)
> >> connect and logon to the created sesseion at color despth 15bit
> >>
> >> -> voila, the remote desktop host system reboots!
> >>
> >> - I can reproduce this bug on all 4 availble computers (all xp pro
> >> with sp3) at my location.
> >
> >Shenan Stanley wrote:
> >> ATI video cards?
> >
> >techsc wrote:
> >> The bug is not related to any video card. I can reproduce the bsod
> >> on ati, nvidia and even on vmware virtual machine cards. Anyone can
> >> try it.
> >
> >It's Windows XP - it's pretty much a dead horse.
> >A year ago - it was actually pretty much a dead horse. ;-)
> >
> >Not to mention - I am unsure why anyone would do what you specify - and I am
> >just meaning connecting at such a low color depth, much less this change
> >from low to slightly higher back to low.
> >
>
> Not very constructive. The fact it is reproducible across a variety of
> platforms is cause enough for concern. XP is far from dead, since MS
> has yet to produce a newer system in sufficient population and appeal
> to supplant all the installed XP boxes, it should still be on the
> table for a fix. It's a bug that should have been detected and fixed
> by now. The bug is reproducible on my Dell laptops and HP desktops.
>
> If this scenario, or something like it, can be shown to kill a machine
> during the connect process without needing a valid login it would make
> for a fine denial of service attack. Since the code base for RDP is
> probably close to if not identical to Terminal Services it could be
> used to take down a TS box. It demonstrates a potential vulnerability
> that could be exploited as a DoS or, with the proper frames, a way
> into a kernel driver for elevation of privilege.
>
> To techsc: this is not a proper place for a bug report in any case.
> This should be submitted to the Microsoft support team as a proper bug
> report, not in the newsgroups. You won't get much action from MS by
> posting here, as you have demonstrated.
>

Geoff wrote:
> Not very constructive. The fact it is reproducible across a variety
> of platforms is cause enough for concern. XP is far from dead,
> since MS has yet to produce a newer system in sufficient population
> and appeal to supplant all the installed XP boxes, it should still
> be on the table for a fix. It's a bug that should have been
> detected and fixed by now. The bug is reproducible on my Dell
> laptops and HP desktops.
>
> If this scenario, or something like it, can be shown to kill a
> machine during the connect process without needing a valid login it
> would make for a fine denial of service attack. Since the code base
> for RDP is probably close to if not identical to Terminal Services
> it could be used to take down a TS box. It demonstrates a potential
> vulnerability that could be exploited as a DoS or, with the proper
> frames, a way into a kernel driver for elevation of privilege.
>
> To techsc: this is not a proper place for a bug report in any case.
> This should be submitted to the Microsoft support team as a proper
> bug report, not in the newsgroups. You won't get much action from
> MS by posting here, as you have demonstrated.

The response was not meant to be constructive - since I have no way to fix a
flaw in the programming of the OS - all I could have done is said "don't do
that". If you read my later response - you will see that I just don't
*expect* there to be a response from Microsoft. Maybe I will be proven
wrong - maybe there will be.

You'll also see in my other response that it does not seem to crash a system
unless you have a legitimate session already and are reconnecting completely
to that session - and then you have to disconnected and reconnect - changing
the color depth twice (the issue does not seem as limited as the OP is
making it sound - the last change could have been to a completely different
color depth than the original one.) If the OP is this person:

http://forums.nvidia.com/index.php?showtopic=84939

Then a year ago might be a bit of an exaggeration for a public report - but
what they did properly/privately is an unknown variable. ;-)

The OP (techsc) said they "posted this bug report more than one year ago
already", and yeah - perhaps I assumed (by the specific language) too
much - in that they had officially reported the problem through proper
channels. My bad. Maybe they have not and I could have suggested they do
it properly... So let's ask and be sure:

techsc,

Did you file a proper (with Microsoft - not just posted on a newsgroup
randomly) report with Microsoft documenting the issue?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan:

You're still talking about how unusual - in you personal point of view - the
reported blue screen will come up.

Accept it like it is: A real bad bug in the OS. And yes, in my
infrastructure this bug leads frequently to total computer resets.

However, I halready asked in the thread:

Please: How can I report that bug to Microsoft correctly?

"Shenan Stanley" wrote:

> Geoff wrote:
> > Not very constructive. The fact it is reproducible across a variety
> > of platforms is cause enough for concern. XP is far from dead,
> > since MS has yet to produce a newer system in sufficient population
> > and appeal to supplant all the installed XP boxes, it should still
> > be on the table for a fix. It's a bug that should have been
> > detected and fixed by now. The bug is reproducible on my Dell
> > laptops and HP desktops.
> >
> > If this scenario, or something like it, can be shown to kill a
> > machine during the connect process without needing a valid login it
> > would make for a fine denial of service attack. Since the code base
> > for RDP is probably close to if not identical to Terminal Services
> > it could be used to take down a TS box. It demonstrates a potential
> > vulnerability that could be exploited as a DoS or, with the proper
> > frames, a way into a kernel driver for elevation of privilege.
> >
> > To techsc: this is not a proper place for a bug report in any case.
> > This should be submitted to the Microsoft support team as a proper
> > bug report, not in the newsgroups. You won't get much action from
> > MS by posting here, as you have demonstrated.
>
> The response was not meant to be constructive - since I have no way to fix a
> flaw in the programming of the OS - all I could have done is said "don't do
> that". If you read my later response - you will see that I just don't
> *expect* there to be a response from Microsoft. Maybe I will be proven
> wrong - maybe there will be.
>
> You'll also see in my other response that it does not seem to crash a system
> unless you have a legitimate session already and are reconnecting completely
> to that session - and then you have to disconnected and reconnect - changing
> the color depth twice (the issue does not seem as limited as the OP is
> making it sound - the last change could have been to a completely different
> color depth than the original one.) If the OP is this person:
>
> http://forums.nvidia.com/index.php?showtopic=84939
>
> Then a year ago might be a bit of an exaggeration for a public report - but
> what they did properly/privately is an unknown variable. ;-)
>
> The OP (techsc) said they "posted this bug report more than one year ago
> already", and yeah - perhaps I assumed (by the specific language) too
> much - in that they had officially reported the problem through proper
> channels. My bad. Maybe they have not and I could have suggested they do
> it properly... So let's ask and be sure:
>
> techsc,
>
> Did you file a proper (with Microsoft - not just posted on a newsgroup
> randomly) report with Microsoft documenting the issue?
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>