Windows threatened by NNTP flaw

News

Windows threatened by NNTP flaw

Microsoft has confirmed that a flaw in the Network News Transport Protocol (NNTP) service in Windows NT and Windows 2000 could allow attackers to paralyse the server.

In its first security alert since Code Red, the company said an attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service. Such flaws are known as memory leaks.

The NNTP denial-of-service vulnerability does not allow attackers to gain control of the system or access data.

NNTP is an industry-standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used in the Usenet Internet newsgroup service.

Microsoft's NNTP service is installed by default on Windows 2000 servers and runs by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings.

An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said. A patch to repair the flaw is available from www.microsoft.com/technet/security/bulletin/MS01-043.asp.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy