 |
 |
|
|
|
|||||||||||||||||||
|
|
By Sam Costello (IDG) -- Microsoft said that a new flaw in its Windows 2000 Server software can lead to a denial-of-service attack. The bug was the second denial-of-service flaw in Windows 2000 announced in May. The flaw, which affects Windows 2000 Server, Advanced Server and Datacenter, is the result of a memory leak in Window 2000's Kerberos service. Kerberos is a method of authenticating requests for service by other computers, especially important in servers. When a certain type of information is repeatedly sent to the server, a memory flaw in the domain controller of Windows 2000, a key component for authenticating requests for service, will cause the server to run out of available memory, leaving it unable to perform any other operations. Restarting the system will bring the server back online.
Defcom Labs in late January discovered the problem and notified Microsoft at the time, according to an e-mail about the vulnerability sent out by Defcom's Peter Grundl. Microsoft released a security bulletin and a patch for the problem immediately. The vulnerability follows on the heels of a more serious flaw in Windows 2000 Server that was reported in early May. That bug allowed an attacker to gain complete control over unpatched Windows 2000 systems. |
|
|
|
||||||||||||||
|
|||||||||||||||||||
|
|||||||||||||||||||
|
|||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
