Microsoft warns of TCP/IP flaw

Microsoft has issued an advisory concerning problems with its software's handling of TCP/IP protocols.

The flaw could allow an attacker to set arbitrary timer values for a TCP connection and use these to bring down the network connection. It would not allow an intruder full access to machines afflicted with the vulnerability.

"For an attacker to try to exploit this vulnerability, they must first predict or learn the IP address and port information of the source and of the destination of an existing TCP network connection," said the company in a statement.

"Protocols or programs that maintain long sessions and that have predictable TCP/IP information are at an increased risk from this issue."

Microsoft has stressed that those users who have installed XP SP2 and Windows Server with SP1 are protected and that it does not consider this to be a significant threat.

The flaw was addressed with patch MS05-019, released in April, but this patch is being reissued as it causes other conflicts.

The latest advisory can be found here

See also:

Microsoft calls in the FBI

Special Agent Gibson on the case  20 May 2005

Internet Explorer springs more leaks

Two further 'high-risk' flaws added to existing unplugged holes  17 May 2005

Microsoft touts complete OneCare service

Subscription-based security software promises to protect PCs  13 May 2005

Security

The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!