
DoS attack storms port 445
Windows 2000 desktop and server versions affected
Security experts have warned that default registry settings on Windows 2000 boxes could allow a malicious user to launch a denial of service (DoS) attack through port 445.
Research from analyst KPMG Denmark found that default registry settings in the Windows 2000 Lanman network management service could allow a user with access to TCP port 445, also known as the Microsoft-ds port, to effect a DoS attack.
Both desktop and server versions of Windows 2000 are vulnerable.
"Sending malformed packets to the Microsoft-ds port [TCP 445] can result in kernel resources being allocated by the Lanman service," said KPMG. "The consequences of such an attack could vary from the Windows 2000 host completely ignoring the attack, to a blue screen."
The attack is also very simple to carry out. "An attack could be something as simple as sending a continuous stream of 10K null chars to TCP port 445," the analyst said.
The management service in Windows 2000 would keep allocating kernel memory until all processing power was used up.
"It would frequently be possible to cause the system service to enter a state where it constantly used 100 per cent CPU usage," said KPMG. "A PC was left in this state over the weekend to see if it would recover on its own. It did not."
Microsoft has been alerted and released a paper earlier this week describing the problem and possible solutions. This can be read here.
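A defender's view of the traffic pattern KPMG describes, as an added example that is not from the article, KPMG or Microsoft: it scans TCP payloads bound for port 445 and flags sources that send a large, almost entirely NUL stream that never starts with an SMB frame. The thresholds, function names and sample traffic are constructed assumptions.

```python
from collections import defaultdict

SMB1_MAGIC = b"\xffSMB"      # SMB1 protocol id, follows the 4-byte length prefix
MIN_BYTES = 10 * 1024        # assumption: the "10K" figure quoted in the article
NUL_RATIO = 0.95             # assumption: share of NUL bytes treated as a null stream


def looks_like_smb(payload: bytes) -> bool:
    """True if the payload starts with a direct-hosted SMB1 frame (TCP 445)."""
    if len(payload) < 8 or payload[0] != 0:
        return False
    length = int.from_bytes(payload[1:4], "big")   # 3-byte message length
    return length >= 4 and payload[4:8] == SMB1_MAGIC


def flag_null_floods(segments):
    """segments: iterable of (src_ip, dst_port, payload); returns flagged sources."""
    total, nuls, saw_smb = defaultdict(int), defaultdict(int), defaultdict(bool)
    for src, dport, payload in segments:
        if dport != 445 or not payload:
            continue
        total[src] += len(payload)
        nuls[src] += payload.count(0)
        saw_smb[src] = saw_smb[src] or looks_like_smb(payload)
    return sorted(
        src for src in total
        if total[src] >= MIN_BYTES
        and nuls[src] / total[src] >= NUL_RATIO
        and not saw_smb[src]          # a framed SMB write of zeros is not flagged
    )


def smb_frame(body: bytes) -> bytes:
    """Build a constructed SMB1-style frame: zero byte, 3-byte length, magic, body."""
    msg = SMB1_MAGIC + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    ("10.0.0.5", 445, b"\x00" * 10240),                    # unframed NUL stream
    ("10.0.0.7", 445, smb_frame(b"\x2f" + b"\x00" * 12000)),  # framed, mostly zeros
    ("10.0.0.9", 80, b"\x00" * 10240),                     # wrong port, ignored
    ("10.0.0.11", 445, b"\x00" * 512),                     # below volume threshold
]

if __name__ == "__main__":
    print(flag_null_floods(SAMPLE))
```

The check assumes each payload is a reassembled chunk that starts on a message boundary; on raw packet captures, run it after TCP stream reassembly.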