
New flaw in Windows XP, server products

Versions of Windows XP and Windows Server 2003 contain a TCP/IP flaw attackers could use to cause a denial of service, according to a French security firm.

Versions of Windows XP and Server 2003 contain a flaw attackers could use to launch a denial-of-service attack, French security firm FrSIRT said in an advisory.

The vulnerability is in the Windows IPv6 TCP/IP stack when processing a specially crafted packet in which the SYN flag is set and the source address and port are the same as the destination address and port. A remote user could exploit this vulnerability to launch a LAND attack, which would cause a vulnerable system to crash.

Microsoft patched a variant of this flaw in April, FrSIRT said. The problem specifically affects Windows XP, XP SP1, XP SP2, Server 2003 and Server 2003 SP1. FrSIRT recommends users filter all traffic with a firewall. The organization said it is "not aware of any official supplied patch for this issue."

On Wednesday, Microsoft issued a security advisory acknowledging the vulnerability in the TCP/IP component of Windows, saying that TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. However, the company downplayed the significance of the threat. "We are not aware of any attacks attempting to use the reported vulnerability and have no reports of customer impact at this time," Microsoft said in the advisory.

This article originally appeared on
