24th Jan 2003 [SBWID-5949]
COMMAND
Windows 2000 Terminal Server DoS attack
SYSTEMS AFFECTED
Windows 2000 Terminal Server
PROBLEM
Jonathan Hunter says:
Any user with sufficient permission to log on to a Windows 2000
Terminal Server (via RDP or ICA) and access its filesystem can reboot
the server at will.
Exploit
-------
- Open %SYSTEMROOT%\SYSTEM32\MSGINA.DLL for exclusive access (read lock).
I used Radsoft's HEXVIEW.EXE from Rix2K to do this.
- Open a new connection to the server via RDP/ICA
- Click the nice, helpful "Restart" button in the warning dialog that
appears ("msgina.dll failed to load")
Tested on Windows 2000 Server (IE55, SP2) and Windows 2000 Server
(IE55, SP3).
SOLUTION
No patch yet.
Workaround
----------
- Remove all permissions from MSGINA.DLL for "Power Users", "Users" and
"Everyone"
Note: The above workaround has been tested on Windows 2000 Server
(IE55, SP2) and users were still able to log in as normal. I am not
aware of a need for MSGINA.DLL to be accessible by normal users, but if
there are any such circumstances Microsoft will need to produce an
alternative fix.
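
One way to verify that the workaround above has been applied, as an added example that is not part of the original advisory: the script parses saved output of `cacls %SYSTEMROOT%\system32\msgina.dll` and lists any ACE still naming "Power Users", "Users" or "Everyone". The sample cacls output, the C:\WINNT path and the function names are constructed for illustration.

```python
# Audit helper (added example): checks cacls output for MSGINA.DLL against
# the advisory's workaround. All sample data below is constructed.

# Principals the workaround removes from the file's ACL.
WORKAROUND_PRINCIPALS = {"power users", "users", "everyone"}

SAMPLE_PATH = r"C:\WINNT\system32\msgina.dll"   # assumed install path

# Constructed cacls output before the workaround (not from a real server).
SAMPLE_BEFORE = r"""C:\WINNT\system32\msgina.dll BUILTIN\Users:R
                             BUILTIN\Power Users:R
                             BUILTIN\Administrators:F
                             NT AUTHORITY\SYSTEM:F
                             Everyone:R
"""

# Constructed cacls output after the three principals were removed.
SAMPLE_AFTER = r"""C:\WINNT\system32\msgina.dll BUILTIN\Administrators:F
                             NT AUTHORITY\SYSTEM:F
"""


def parse_cacls(output, path):
    """Return [(principal, rights)] parsed from cacls output for `path`."""
    aces = []
    for line in output.splitlines():
        # The first line is prefixed with the file name; drop it so the
        # drive-letter colon is not mistaken for the ACE separator.
        if line.lower().startswith(path.lower()):
            line = line[len(path):]
        principal, sep, rights = line.strip().partition(":")
        # Blank lines and "special access" continuation lines have no colon.
        if sep and principal:
            aces.append((principal, rights.strip()))
    return aces


def workaround_gaps(output, path):
    """Return ACEs that still name a principal the workaround removes."""
    return [(p, r) for p, r in parse_cacls(output, path)
            if p.rsplit("\\", 1)[-1].lower() in WORKAROUND_PRINCIPALS]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        gaps = workaround_gaps(text, SAMPLE_PATH)
        print(label, "-", "OK" if not gaps else "still present: %r" % gaps)
```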