A malicious user could cause a denial of service by sending a particular malformed RPC packet to a Windows 2000 machine. In order to restore services after such an attack a reboot is required. DEMONSTRATION No demonstration is available. This issue was reported by Microsoft and no known credit has been given to any other organizations. Please note that Windows 2000 machines connected directly to the Internet are at the highest risk while Windows 2000 machines with ports 135-139 and 445 blocked are not at risk. VENDOR RESPONSE Microsoft has released a security advisory, MS00-066 and a patch that is available at; http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229 Microsoft has also made a FAQ available on this issue. CREDIT |
0 comments
Hide comments