Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
iAntiVirus for Mac OS X
PC Tools Security for Netbooks
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Help me choose
Malformed PPTP Packet Stream Vulnerability New
A security vulnerability exists in Microsoft® Windows NT® 4.0 servers that provide secure remote sessions which could allow an attacker to prevent an affected machine from providing useful service.
Issue
The PPTP service in Windows NT 4.0 has a flaw in a part of the code that handles a particular type of data packet, which results in a leak of kernel memory. If a sufficient number of packets containing a specific malformation were received by an affected server, kernel memory would eventually become exhausted. The likely outcome would be that the server would either hang or fail altogether. In either case, the machine would need to be rebooted to restore normal operation, and any PPTP sessions underway at the time would be lost. It would not be necessary for the attacker to establish a valid PPTP session in order to exploit the vulnerability.
The vulnerability does not threaten the security of the data within PPTP sessions in any way – it is strictly a denial of service vulnerability. Only machines running the PPTP service would be affected by this vulnerability (the service does not run by default). Windows 2000 machines, even ones running PPTP, would not be affected by this vulnerability.
Affected Products
- Windows NT 4.0
Download
Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27836
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 15, 2001
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
