ResetBrowser Frame and HostAnnouncement Frame Vulnerabilities

These vulnerabilities could allow a malicious user to make it difficult or impossible for other users to locate services and computers on a network; in the worst case, it could allow the attacker to provide incorrect information about the same services and computers.

Issue

The ResetBrowser Frame vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.

The HostAnnouncement Flooding vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume most or all of the network bandwidth and cause other problems in processing the table as well.

Affected Products

• Windows NT/2000

Solution

Software patches are available from the following locations:

• Windows NT 4.0 Workstation, Server, and Server, Enterprise Edition:
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21397
• Windows 2000:
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21298

Then follow the instructions at http://www.pctools.com/guides/registry/details/789/ to control the function through the registry.

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: May 25, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<