Hey all, To whomever just got this bulletin: be careful when installing the patch for the "Invalid RDP Data can Cause Terminal Service Failure" vulnerability released on the 18th. Make sure you are able to revert to your old rdpwsx.dll if you can only access your machine(s) remotely. Installing this patch gave me the following upon Terminal Services startup in my System event log: Error Event ID: 1014 Source: TermService Cannot load illegal module: C:\Winnt\System32\rdpwsx.DLL. With no further explanation. I had to telnet in through my backdoor (spefically created for these types of "patches"), kill the running Terminal Services Service with pstools, as Terminal Services cannot be controlled through a NET command, and copy my old .DLL over this new one and restart term services, and then it worked again, all unpatched and back to normal. Same problem goes for another development box here, so it doesn't look machine-specific. Seems like this will just go around and break terminal services on everyone's boxes. Same operating system, same service packs/hotfixes, same problem, same log entry, same fix.
