[ISN] Flaw leaves Windows open to DoS attack, Microsoft warns

From: InfoSec News (isnat_private)
Date: Fri Nov 01 2002 - 01:11:33 PST

  • Next message: InfoSec News: "[ISN] Root-Server Attack Traced to South Korea, U.S."

    By Joris Evers
    IDG News Service 
    A flaw in software code that implements a protocol for VPN makes
    Windows 2000 and Windows XP systems vulnerable to denial-of-service
    attacks, Microsoft warned late Wednesday.
    An unchecked buffer exists in the code that implements the
    Point-to-Point Tunneling Protocol (PPTP), a protocol that enables
    users to create and use VPNs that is natively supported by Windows
    2000 and Windows XP, Microsoft said in security bulletin MS02-063. The
    software maker deems the issue "critical."
    PPTP is an option in Routing and Remote Access Services in server
    versions of Windows 2000 and Windows XP, and part of the Remote Access
    Client in workstation versions. Systems are only at risk if PPTP has
    been enabled, Microsoft said.
    Both server and client systems are at risk, though an attack on a
    client would be more difficult as it typically changes its IP address
    every time a connection is setup, Microsoft said. An attacker could
    cause a vulnerable system to fail by sending malformed PPTP control
    data to the system, Microsoft said.
    A patch to fix the problem is available from Microsoft's TechNet Web
    site. Administrators offering PPTP services should install it
    immediately, and users of remote access using PPTP should consider
    installing the patch, the Redmond, Wash., software maker said.
    Microsoft warned of another, "moderate," security issue affecting
    Windows 2000 in a separate security bulletin issued Wednesday.
    The default permission settings for the software provide users in the
    "Everyone" group full access to the system root folder. An attacker
    could mount a Trojan horse attack against users on the same system by
    placing a program in the root and having that run when another user
    signs on, Microsoft said. Administrators should consider changing
    access permissions on the Windows 2000 root directory, Microsoft said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Nov 01 2002 - 03:52:27 PST