Denial of Service Condition in Microsoft NNTP Service for Windows 2000/NT

Reported August 14, 2001, by Microsoft.


  • Microsoft Windows 2000 Server

  • Microsoft Windows 2000 Advanced Server

  • Microsoft Windows 2000 Datacenter Server

  • Microsoft Windows NT Server 4.0

  • Microsoft Windows NT Server, Enterprise Edition


A memory leak condition exists in the way certain Windows OSs (see above) process new postings when using the Network News Transfer Protocol (NNTP) service. If an attacker sends a large number of posts of a particular construction, those posts can deplete the server’s available memory and disrupt service. A user can reboot the server to resume normal service. Only servers that accept new postings are vulnerable to this condition.



The vendor, Microsoft, has released security bulletin MS01-043 to address this vulnerability and recommends that users apply whichever of the following patches is relevant to their system:


Windows NT 4.0 Server and Enterprise Server


Windows 2000 Server and Advanced Server


Windows 2000 Datacenter Server patches are hardware-specific and available only through the OEM.


Discovered by Aiden ORawe.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.