Peter Grundl, a researcher at KPMG in Denmark, discovered a Denial of Service (DoS) condition in Windows 2000 that could potentially cause systems to crash. Microsoft issued the article "Denial of Service Attack on Port 445 May Cause Excessive CPU Use" (see URL below) regarding the matter. The article describes two methods to work around the vulnerability; however, the company didn't issue a bulletin alerting customers to the potential problem and available workarounds.
According to Grundl, sending malformed packets to port 445 (the microsoft-ds port) can result in the LANMAN service allocating kernel resources, such as memory space. A malicious user could send a constant stream of malformed packets to the port, exhausting memory to the point where other applications might cease operating correctly or the system could crash. In addition, the system service could enter a state of 100 percent CPU utilization, thereby exhausting processor resources.
Microsoft's article recommends that users either disable NetBIOS over TCP/IP, which disables port 445, or create a new registry value (MaxWorkItems) in the LanManServer registry key settings. For details about how to enable either of the two workarounds, be sure to read the article.