New flaw in Windows XP, server products

Versions of Windows XP and Windows Server 2003 contain a TCP/IP flaw attackers could use to cause a denial of service, according to a French security firm.

Versions of Windows XP and Server 2003 contain a flaw attackers could use to cause a denial of service attack, French security firm FrSIRT said in an advisory.

The vulnerability is in the Windows IPv6 TCP/IP stack when processing a specially crafted packet in which the SYN flag is set and the source address and port are the same as the destination address and port. A remote user could exploit this vulnerability to launch a LAND attack, which would cause a vulnerable system to crash.

Microsoft patched a variant of this flaw in April, FrSIRT said. The problem specifically affects Windows XP, XP SP1, XP SP2, Server 2003 and Server 2003 SP1. FrSIRT recommends users filter all traffic with a firewall. The organization said it is "not aware of any official supplied patch for this issue."
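As an added example (not code from FrSIRT, Microsoft, or the original article), the packet condition described above can be expressed as a check a filter or sensor could apply to captured packets: SYN set, source address equal to destination address, and source port equal to destination port. The function names are hypothetical, the sample packet is constructed from the 2001:db8::/32 documentation prefix, and the check also covers IPv4 headers and common IPv6 extension headers, which goes beyond the IPv6 case the article describes.

```python
import ipaddress
import struct

SYN = 0x02
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options


def _transport(pkt):
    """Return (src_ip, dst_ip, tcp_bytes), or None if not an unfragmented TCP packet."""
    if not pkt:
        return None
    version = pkt[0] >> 4
    if version == 4 and len(pkt) >= 20:
        ihl = (pkt[0] & 0x0F) * 4
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        if ihl < 20 or pkt[9] != 6 or frag_offset:
            return None
        return pkt[12:16], pkt[16:20], pkt[ihl:]
    if version == 6 and len(pkt) >= 40:
        nxt, off = pkt[6], 40
        # Walk extension headers: byte 0 is the next header, byte 1 the
        # length in 8-octet units, not counting the first 8 octets.
        while nxt in EXT_HEADERS and len(pkt) >= off + 8:
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        if nxt != 6:
            return None
        return pkt[8:24], pkt[24:40], pkt[off:]
    return None


def is_land_packet(pkt):
    """True when SYN is set and source address/port equal destination address/port."""
    parsed = _transport(pkt)
    if parsed is None or len(parsed[2]) < 14:
        return False
    src, dst, tcp = parsed
    sport, dport = struct.unpack("!HH", tcp[:4])
    return bool(tcp[13] & SYN) and src == dst and sport == dport


def build_ipv6_tcp(src, dst, sport, dport, flags):
    """Constructed test input: minimal IPv6 + TCP header bytes (checksum left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
    return (ip6 + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + tcp)
```

Packets that match should be dropped at the perimeter regardless of patch level, since a legitimate host never receives a SYN from its own address and port over the network.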

On Wednesday, Microsoft issued a security advisory acknowledging the vulnerability in the TCP/IP component of Windows, saying that TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. However, the company downplayed the significance of the threat. "We are not aware of any attacks attempting to use the reported vulnerability and have no reports of customer impact at this time," Microsoft said in the advisory.

This article originally appeared on SearchSecurity.com.
