Malformed IPX Ping Packet Vulnerability
A security vulnerability exists in Microsoft® Windows 95, 98 and 98SE which could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data.
Issue
The Microsoft IPX/SPX protocol implementation (NWLink) supports the IPX Ping command via the diagnostic port 0x456. Because of a flaw in the implementation of the protocol in Windows 95, Windows 98 and Windows 98 Second Edition, NWLink in these systems will respond to an IPX ping packet even when the source network address has been purposely modified to a broadcast address. This would give a malicious user an opportunity to launch an attack by broadcasting a single ping request - each affected machine that received the ping would respond to it, potentially resulting in a broadcast storm. In a large network, this could temporarily swamp the network's bandwidth. In addition, upon seeing its own response, each affected machine would attempt to process it, triggering a scenario that would culminate in the machine's failure. A machine that failed due to this vulnerability could be put back into service by rebooting.
IPX is not installed by default in Windows 98 and 98 Second Edition, and is only installed by default in Windows 95 if there is a network card present in the machine at installation time. Even when IPX is installed, a malicious user's ability to exploit this vulnerability would depend on whether he could deliver a Ping packet to an affected machine. Routers frequently are configured to drop IPX packets, and if such a router lay between the malicious user and an affected machine, he could not attack it. Routers on the Internet, as a rule, do not forward IPX packets, and this would tend to protect intranets from outside attack, as well as protecting machines connected to the Internet via dial-up connections.
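The condition the advisory describes (a request on the diagnostic socket 0x456 whose source address is a broadcast address, so that every reply is itself broadcast back onto the segment) is simple to recognise on the wire. The following Python detector is an added example and is not code from Microsoft or from this advisory. It decodes the standard 30-byte IPX header of a frame (assuming the Ethernet/802.2 encapsulation has already been stripped) and flags diagnostic-socket requests whose source node or source network field is all-ones; the advisory does not say which of the two it means by "source network address", so checking both is an assumption. The sample packets are constructed inline, not real captures.

```python
import struct

# Standard 30-byte IPX header, all fields big-endian:
# checksum(2) length(2) transport_control(1) packet_type(1)
# dst_net(4) dst_node(6) dst_socket(2) src_net(4) src_node(6) src_socket(2)
IPX_HEADER_FMT = "!HHBBI6sHI6sH"
IPX_HEADER_LEN = struct.calcsize(IPX_HEADER_FMT)  # 30
IPX_DIAG_SOCKET = 0x0456            # diagnostic (IPX ping) socket named in the advisory
IPX_BROADCAST_NODE = b"\xff" * 6    # all-ones node address
IPX_BROADCAST_NET = 0xFFFFFFFF      # all-ones network number


def parse_ipx_header(pkt: bytes) -> dict:
    """Decode the IPX header at the start of `pkt` into a dict of named fields."""
    if len(pkt) < IPX_HEADER_LEN:
        raise ValueError(f"IPX packet too short: {len(pkt)} bytes")
    fields = struct.unpack(IPX_HEADER_FMT, pkt[:IPX_HEADER_LEN])
    names = ("checksum", "length", "transport_control", "packet_type",
             "dst_net", "dst_node", "dst_socket",
             "src_net", "src_node", "src_socket")
    return dict(zip(names, fields))


def is_broadcast_source_ping(pkt: bytes) -> bool:
    """True if this is a diagnostic-socket request whose source is a broadcast address."""
    hdr = parse_ipx_header(pkt)
    if hdr["dst_socket"] != IPX_DIAG_SOCKET:
        return False
    # Assumption: the advisory's "source network address" may mean the network number
    # or the node address, so both are checked; a reply to either would be broadcast.
    return hdr["src_node"] == IPX_BROADCAST_NODE or hdr["src_net"] == IPX_BROADCAST_NET


def scan_packets(packets) -> list:
    """Return (index, reason) for each matching packet; unparseable ones are reported too."""
    hits = []
    for i, pkt in enumerate(packets):
        try:
            if is_broadcast_source_ping(pkt):
                hdr = parse_ipx_header(pkt)
                hits.append((i, f"IPX ping on socket 0x{hdr['dst_socket']:04x} with broadcast "
                                f"source net=0x{hdr['src_net']:08x} node={hdr['src_node'].hex()}"))
        except ValueError as exc:
            hits.append((i, f"unparseable: {exc}"))
    return hits


# Constructed sample packets (IPX header only; not real captures):
SAMPLE_PACKETS = {
    # Ordinary ping: broadcast *destination*, unicast source node; must not be flagged.
    "normal_ping": bytes.fromhex(
        "ffff 001e 00 04 00000001 ffffffffffff 0456 00000001 001122334455 4001"),
    # Source node forged to all-ones: every reply is broadcast back onto the segment.
    "broadcast_src_node": bytes.fromhex(
        "ffff 001e 00 04 00000001 ffffffffffff 0456 00000001 ffffffffffff 4001"),
    # Source network number forged to all-ones.
    "broadcast_src_net": bytes.fromhex(
        "ffff 001e 00 04 00000001 ffffffffffff 0456 ffffffff 001122334455 4001"),
    # Broadcast source but the RIP socket (0x0453): outside this check's scope.
    "other_socket": bytes.fromhex(
        "ffff 001e 00 01 00000001 ffffffffffff 0453 00000001 ffffffffffff 0453"),
    # Truncated frame: reported as unparseable rather than silently skipped.
    "truncated": bytes.fromhex("ffff 001e 00 04 00000001"),
}

if __name__ == "__main__":
    names = list(SAMPLE_PACKETS)
    for idx, reason in scan_packets(list(SAMPLE_PACKETS.values())):
        print(f"packet {idx} ({names[idx]}): {reason}")
```

Run stand-alone it reports the two forged-source packets and the truncated one. In a real deployment the same check would sit behind a capture filter for IPX frames; the point of keying on the destination socket is that a broadcast destination is normal for a ping, so only the forged source distinguishes the malformed request.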
Affected Products
- Windows 95, 98 and 98SE
Solution
Software patches are available from the following locations:
- Microsoft Windows 95:
  http://download.microsoft.com/download/win95/Update/8982/W95/EN-US/265334US5.EXE
- Microsoft Windows 98 and Windows 98 Second Edition:
  http://download.microsoft.com/download/win98/Update/8982/W98/EN-US/265334USA8.EXE
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: August 3, 2000