TechTarget

Windows threatened by NNTP flaw

Microsoft has confirmed that a flaw in the Network News Transport Protocol (NNTP) service in Windows NT and Windows 2000 could...

Microsoft has confirmed that a flaw in the Network News Transport Protocol (NNTP) service in Windows NT and Windows 2000 could allow attackers to paralyse the server.

In its first security alert since Code Red, the company said an attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service. Such flaws are known as memory leaks.

The NNTP denial-of-service vulnerability does not allow attackers to gain control of the system or access data.

NNTP is an industry-standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used in the Usenet Internet newsgroup service.

Microsoft's NNTP service is installed by default on Windows 2000 servers and runs by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings.

An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said. A patch to repair the flaw is available from www.microsoft.com/technet/security/bulletin/MS01-043.asp.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchDataCenter

SearchDataManagement

Close