Windows threatened by NNTP flaw


Windows threatened by NNTP flaw

Microsoft has confirmed that a flaw in the Network News Transport Protocol (NNTP) service in Windows NT and Windows 2000 could allow attackers to paralyse the server.

In its first security alert since Code Red, the company said an attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service. Such flaws are known as memory leaks.

The NNTP denial-of-service vulnerability does not allow attackers to gain control of the system or access data.

NNTP is an industry-standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used in the Usenet Internet newsgroup service.

Microsoft's NNTP service is installed by default on Windows 2000 servers and runs by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings.

An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said. A patch to repair the flaw is available from

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy