If this page does not print out automatically, select Print from the File menu.

Microsoft warns of TCP/IP flaw

Attacker could bring down a network connection

Iain Thomson, vnunet.com 19 May 2005

Microsoft has issued an advisory concerning problems with its software's handling of TCP/IP protocols.

The flaw could allow an attacker to set arbitrary timer values for a TCP connection and use these to bring down the network connection. It would not allow an intruder full access to machines afflicted with the vulnerability.

"For an attacker to try to exploit this vulnerability, they must first predict or learn the IP address and port information of the source and of the destination of an existing TCP network connection," said the company in a statement.

"Protocols or programs that maintain long sessions and that have predictable TCP/IP information are at an increased risk from this issue."

Microsoft has stressed that those users who have installed XP SP2 and Windows Server with SP1 are protected and that it does not consider this to be a significant threat.

The flaw was addressed with patch MS05-019, released in April, but this patch is being reissued as it causes other conflicts.

The latest advisory can be found here

Permalink: http://www.pcw.co.uk/2135429

www.pcw.co.uk/2135429

This article was printed from the Personal Computer World web site
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

Close this window to return to the website