Users login

Create an account »


Users login

Home » Hacking News » Microsoft Security advisory MS01-011

Microsoft Security advisory MS01-011

by Phiber on February 23rd, 2001 A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a flaw affecting how it processes a certain type of invalid service request. Specifically, the service should handle the request at issue here by determining that it is invalid and simply dropping it; in fact, the service performs some resource-intensive processing and then sends a response....

If an attacker sent a continuous stream of such requests to an
affected machine, it could consume most or all of the machine's CPU
availability. This could cause the domain controller to process
requests for service slowly or not at all, and could limit the number
of new logons the machine could process and the number of Kerberos
tickets that could be issued.

Mitigating Factors:


- The machine would automatically resume normal processing
as soon as the stream of requests ceased.

- Although the attacker could, in theory, use the vulnerability
to completely deny service to network users, in practice the
attack rarely consumes more than 75% of the available CPU

- Users who were already logged on and were using previously
issued Kerberos tickets would not be affected by domain
controller unavailability.

- If there were multiple domain controllers on the domain, the
unaffected machines could pick up the other machine's load.
- If normal security practices have been followed, Internet
users would be prevented by firewalling and other measures
from levying requests directly to domain controllers.

Patch is available.

Download this advisory


Microsoft Technet

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »