Flaw in NNTP could paralyze Windows systems
A flaw in the NNTP (Network News Transport Protocol) service in Microsoft Corp.'s Windows NT and Windows 2000 could allow attackers to paralyze the server, Microsoft said in a security bulletin.
An attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service, Microsoft said in its first security alert after the large-scale Code Red alarm. This type of flaw is called a memory leak.
The NNTP vulnerability, a denial of service vulnerability, does not allow attackers to gain control of the system or get access to any data on the system, Microsoft said.
NNTP is an industry standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used, for example, for the Internet discussion group, or newsgroup, service known as Usenet.
Microsoft's NNTP service is installed by default on Windows 2000 servers and is run by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings, Microsoft said.
An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said.
A patch to fix the flaw is available from Microsoft's TechNet Web site:
http://www.microsoft.com/technet/security/bulletin/MS01-043.asp.
Microsoft, in Redmond, Washington, can be reached at +1-425-882-8080, or online at http://www.microsoft.com.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
