Microsoft has confirmed that a new flaw in its Windows 2000 Server software could lead to a denial of service attack, making it the second such flaw in the operating system that the company has announced this month.
The latest problem, which affects Windows 2000 Server, Advanced Server and Datacenter, comes from a memory leak in 2000's Kerberos service. Kerberos is designed to provide strong authentication for applications by using secret-key cryptography.
In a bulletin issued by Microsoft, the company explained that the vulnerability, which runs on Windows 2000 domain controllers, incorrectly processes a certain type of invalid request.
The bulletin further states that if a malicious user sends a continuous stream of specially malformed data packets to the domain controller, the packets can consume a user's computer resources and cause the domain controller to process service requests slowly or not at all.
Furthermore, it may prevent the domain controller from authenticating users.
Defcom Labs discovered the problem and notified Microsoft which issued a security bulletin and a patch for the problem. The patch is available at www.Microsoft.com/downloads/Release.ASP?ReleaseID=29537.
Earlier this month the software giant announced a more serious flaw in which a part of its Internet Information Services 5.0 is vulnerable to a technique known as buffer overrun that would allow an attacker to take almost total control of a server running the software.
J1043+2408 was observed for more than 10 years, and its radio light curve exhibited a periodic signal repeating in about 563 days
Success of Unity's test flight means Virgin Galactic is now close to taking its first paying tourist into space
V3 puts the pro-level football GPS tracker through its paces, and asks if it's more than a gimmick
Finding refutes many earlier studies that suggest that galaxies don't have much dark matter at the time of their birth