Users login

Create an account »


Users login

Home » Hacking News » Flaw in NNTP could paralyze Windows systems

Flaw in NNTP could paralyze Windows systems

by ivy on August 15th, 2001 A flaw in the NNTP (Network News Transport Protocol) service in Microsoft Corp.'s Windows NT and Windows 2000 could allow malicious attackers to paralyze the server, Microsoft said in a security bulletin Tuesday.

An attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service, Microsoft said in its first security alert after the large-scale Code Red alarm. This type of flaw is called a memory leak.

The NNTP vulnerability, a denial of service vulnerability, does not allow attackers to gain control of the system or get access to any data on the system, Microsoft said.

NNTP is an industry standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used, for example, for the Internet discussion group, or newsgroup, service known as Usenet.

Microsoft's NNTP service is installed by default on Windows 2000 servers and is run by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings, Microsoft said.

An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said.

You can find the patch to fix the flaw here


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »