
Denial-of-Service Vulnerability in TCP Affects Windows

Microsoft on Wednesday issued a security advisory to warn Windows users of a new denial of service vulnerability affecting TCP/IP.

The warning comes as part of a new pilot program, which Microsoft is using to acknowledge new security problems, provide workarounds and report progress in fixing flaws.

The TCP flaw allows a remote attacker to set arbitrary timer values for a TCP connection, creating a denial-of-service condition until TCP connections are re-established.

"We do not consider this to be a significant threat to the security of the Internet," Microsoft stated in the advisory. First among mitigating factors is that the flaw can only be used to create a denial of service; privilege elevation and code execution are not possible, according to Microsoft.

The flaw does not affect Windows 98/98 SE/ME. Changes made in Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and the MS05-019 security update eliminated the vulnerability.

Complicating the choice to apply MS05-019 are Microsoft's plans to rerelease MS05-019 in June to fix some problems it introduced with network connectivity in certain network configurations. The network connectivity problems are not related to the new TCP/IP flaws or the critical remote code execution flaw that the April bulletin was issued to patch.

For more information on the TCP security advisory and the MS05-019 rerelease, see Microsoft Security Advisory (899480).

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
