News

Denial-of-Service Vulnerability in TCP Affects Windows

Microsoft on Wednesday issued a security advisory to warn Windows users of a new denial of service vulnerability affecting TCP/IP.

The warning comes as part of a new pilot program, which Microsoft is using to acknowledge new security problems, provide workarounds and report progress in fixing flaws.

The TCP flaw allows a remote attacker to set arbitrary timer values for a TCP connection, creating a denial-of-service condition until TCP connections are re-established.

"We do not consider this to be a significant threat to the security of the Internet," Microsoft stated in the advisory. First among mitigating factors is that the flaw can only be used to create a denial of service; privilege elevation and code execution are not possible, according to Microsoft.

The flaw does not affect Windows 98/98 SE/ME. Changes made in Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and the MS05-019 security update eliminated the vulnerability.

Complicating the choice to apply MS05-019 are Microsoft's plans to rerelease MS05-019 in June to fix some problems it introduced with network connectivity in certain network configurations. The network connectivity problems are not related to the new TCP/IP flaws or the critical remote code execution flaw that the April bulletin was issued to patch.

For more information on the TCP security advisory and the MS05-019 rerelease, see Microsoft Security Advisory (899480).

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus