Microsoft warns of another problem in Win 2000
By Sam Costello
(IDG) -- Microsoft said that a new flaw in its Windows 2000 Server software can lead to a denial-of-service attack. The bug was the second denial-of-service flaw in Windows 2000 announced in May.
The flaw, which affects Windows 2000 Server, Advanced Server and Datacenter, is the result of a memory leak in Windows 2000's Kerberos service. Kerberos is a method of authenticating requests for service by other computers, and is especially important in servers. When a certain type of information is repeatedly sent to the server, a memory flaw in the domain controller of Windows 2000, a key component for authenticating requests for service, will cause the server to run out of available memory, leaving it unable to perform any other operations. Restarting the system will bring the server back online.
Defcom Labs in late January discovered the problem and notified Microsoft at the time, according to an e-mail about the vulnerability sent out by Defcom's Peter Grundl.
Microsoft released a security bulletin and a patch for the problem immediately.
The vulnerability follows on the heels of a more serious flaw in Windows 2000 Server that was reported in early May. That bug allowed an attacker to gain complete control over unpatched Windows 2000 systems.