Flaw hits NT 4, Windows 2000 and XP

Microsoft has warned of a vulnerability affecting Windows 2000 and XP systems and that is especially bad news for NT 4.

Labelled 'important', the vulnerability was discovered in the Remote Procedure Call (RPC) Endpoint Mapper protocol, which could allow denial of service (DoS) attacks to be carried out against systems.

Although patches have been issued for Windows 2000 and XP, NT 4's architecture makes one impossible, according to Microsoft.

"Due to the fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is unfeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability," the company said.

RPC provides an inter-process communication mechanism that allows a program running on one computer to execute code on a remote system. The vulnerability affects the part of RPC that deals with message exchange over TCP/IP.

To exploit the bug an attacker would have to establish a TCP/IP connection to the Endpoint Mapper process on a remote machine and begin the RPC connection negotiation before transmitting a malformed message.

Microsoft said this would cause the RPC service to fail, with the loss of any RPC-based services on the server.

"This vulnerability only permits a DoS attack and does not provide an attacker with the ability to modify or retrieve data on the remote machine," the company said.

Patches for Windows 2000 and XP are available on Microsoft's TechNet website, but the company can only recommend blocking port 135 to protect NT 4 boxes.