{"id":2041,"date":"2020-10-05T14:58:05","date_gmt":"2020-10-05T22:58:05","guid":{"rendered":"http:\/\/wonghoi.humgar.com\/blog\/?p=2041"},"modified":"2020-10-05T15:04:22","modified_gmt":"2020-10-05T23:04:22","slug":"termdd-sys-bsod-because-of-remote-hack-attempts","status":"publish","type":"post","link":"https:\/\/wonghoi.humgar.com\/blog\/2020\/10\/05\/termdd-sys-bsod-because-of-remote-hack-attempts\/","title":{"rendered":"termdd.sys BSOD because of remote hack attempts"},"content":{"rendered":"

Recently my computer keeps ‘randomly’ getting BSOD over “termdd.sys” and “IRQL_NOT_LESS_OR_EQUAL”. Upon some research on “termdd.sys”, I noticed there’s a RDP heap corruption attack (https:\/\/securitynews.sonicwall.com\/xmlpost\/rdp-vulnerability-cve-2019-0708\/) for RDP services.<\/p>\n

In the past, I opened up my computer’s RDP service to the wild (bad practice) by routing the traffic to the right computer. The attempts did not successfully break into my computer, but in the process, these villains are corrupting my computer memory (heap) thus causing the BSOD.<\/p>\n

Instead, I plugged the bad practice of opening up web services that are only for me to use. Instead connect to my home network using VPN when I need to access my computers. Since then the BSOD disappeared.<\/p>\n

Lesson learned: Your computer is not hacked by a remote exploit (probably patched enough) doesn’t mean the exploit won’t trash your computer memory till it crashes. Better use a VPN than directly opening up RDP to the wild internet.<\/p>\n

<\/div>\n

<\/path><\/svg><\/i> \"Loading\"<\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

Recently my computer keeps ‘randomly’ getting BSOD over “termdd.sys” and “IRQL_NOT_LESS_OR_EQUAL”. Upon some research on “termdd.sys”, I noticed there’s a RDP heap corruption attack (https:\/\/securitynews.sonicwall.com\/xmlpost\/rdp-vulnerability-cve-2019-0708\/) for RDP services. In the past, I opened up my computer’s RDP service to the … Continue reading →<\/span><\/a><\/p>\n

<\/div>\n

<\/path><\/svg><\/i> \"Loading\"<\/p>\n

<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2041","post","type-post","status-publish","format-standard","hentry","category-windows"],"_links":{"self":[{"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/posts\/2041","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/comments?post=2041"}],"version-history":[{"count":3,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/posts\/2041\/revisions"}],"predecessor-version":[{"id":2044,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/posts\/2041\/revisions\/2044"}],"wp:attachment":[{"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/media?parent=2041"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/categories?post=2041"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wonghoi.humgar.com\/blog\/wp-json\/wp\/v2\/tags?post=2041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}