Denial-of-Service Vulnerability in TCP Affects Windows

Microsoft on Wednesday issued a security advisory to warn Windows users of a new denial-of-service vulnerability affecting TCP/IP.

The warning comes as part of a new pilot program, which Microsoft is using to acknowledge new security problems, provide workarounds and report progress in fixing flaws.

The TCP flaw allows a remote attacker to set arbitrary timer values for a TCP connection, creating a denial-of-service condition until TCP connections are re-established.

"We do not consider this to be a significant threat to the security of the Internet," Microsoft stated in the advisory. First among mitigating factors is that the flaw can only be used to create a denial of service; privilege elevation and code execution are not possible, according to Microsoft.

The flaw does not affect Windows 98/98 SE/ME. Changes made in Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and the MS05-019 security update eliminated the vulnerability.

Complicating the choice to apply MS05-019 are Microsoft's plans to rerelease MS05-019 in June to fix some problems it introduced with network connectivity in certain network configurations. The network connectivity problems are not related to the new TCP/IP flaws or the critical remote code execution flaw that the April bulletin was issued to patch.

For more information on the TCP security advisory and the MS05-019 rerelease, see Microsoft Security Advisory (899480).

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
