Winsock Mutex Vulnerability
A security vulnerability exists in Microsoft® Windows NT 4.0 which could allow a malicious user to run a special program to disable an affected computer’s network functionality.
Issue
Like all other objects under Windows NT 4.0, mutexes (synchronization objects that govern access to resources) have associated permissions that govern how they can be accessed. However, a particular mutex used to govern access to a networking resource has inappropriately loose permissions. This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network.
The attacker would require interactive logon access to the affected machine. This significantly limits the scope of the vulnerability because, if normal security recommendations have been followed, unprivileged users will not be granted interactive logon rights to critical machines like servers. Unprivileged users typically are granted interactive logon rights to workstations and terminal servers. However, a workstation would not be a tempting target for an attacker, because he could only use this vulnerability to deny service to himself. The machines most likely to be affected would be terminal servers.
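An added example, not part of Microsoft's advisory or patch: a small Python audit that reads a mutex's security descriptor in SDDL form and lists the rights its DACL grants to broad trustees such as Everyone or Interactive. The advisory does not name the mutex or publish its ACL, so both SDDL strings are constructed, and treating SYNCHRONIZE, WRITE_DAC and WRITE_OWNER as the rights worth flagging is an assumption of this example.

```python
import re

# Access-mask bits (winnt.h) that let a principal hold or re-permission a mutex.
# Which rights count as "too loose" is an assumption of this example.
RISKY = {
    0x00100000: "SYNCHRONIZE (wait on and acquire the mutex)",
    0x00040000: "WRITE_DAC (rewrite its permissions)",
    0x00080000: "WRITE_OWNER (take ownership)",
}
# SDDL rights tokens handled here; GR/GW/GX are not mapped (illustrative subset).
TOKENS = {"GA": 0x001F0001,  # MUTEX_ALL_ACCESS
          "RC": 0x00020000, "SD": 0x00010000,
          "WD": 0x00040000, "WO": 0x00080000}
# Trustees that include ordinary, interactively logged-on users.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "IU": "Interactive", "BU": "Builtin Users"}


def parse_mask(rights):
    """Convert an SDDL rights field (hex mask or 2-letter tokens) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= TOKENS.get(rights[i:i + 2], 0)
    return mask


def audit_mutex_sddl(sddl):
    """Return (trustee, right) pairs that allow-ACEs grant to broad trustees.

    Deny ACEs are not evaluated, so the result errs towards over-reporting.
    """
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    if dacl.startswith("NO_ACCESS_CONTROL"):  # NULL DACL: no restrictions
        return [("Everyone", "NULL DACL (all access)")]
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;obj;inherit_obj;sid
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue
        mask = parse_mask(fields[2])
        findings += [(BROAD[fields[5]], label)
                     for bit, label in RISKY.items() if mask & bit]
    return findings


# Constructed descriptors, not taken from the advisory or the patch.
LOOSE = "O:BAG:SYD:(A;;0x1f0001;;;WD)(A;;0x1f0001;;;SY)"
TIGHT = "O:BAG:SYD:(A;;0x1f0001;;;SY)(A;;0x1f0001;;;BA)"
```

On a live system the SDDL string for an object can be produced with the Win32 call ConvertSecurityDescriptorToStringSecurityDescriptor; an empty result for `TIGHT` and three findings for `LOOSE` is the contrast the audit is meant to show.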
Affected Products
- Microsoft Windows NT 4.0 & NT 4.0 Terminal Server Edition
Solution
A software patch is available from the following locations:
- Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27272
- Windows NT 4.0, Terminal Server Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27291
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: January 24, 2001