Security Guide for Windows - Netmon Protocol Parsing Vulnerability

Guides
Products
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- PC Tools Firewall Plus
- ThreatFire
- Spam Monitor
- iAntiVirus for Mac OS X
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- PC Tools Disk Suite
- Business Solutions
- Spyware Doctor Enterprise
- Help me choose
Download
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- PC Tools Firewall Plus
- ThreatFire
- Spam Monitor
- iAntiVirus for Mac OS X
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- PC Tools Disk Suite
- Business Solutions
- Spyware Doctor Enterprise
- Help me choose
Purchase
- Security Products
- Spyware Doctor
- Spyware Doctor with AntiVirus
- PC Tools AntiVirus
- PC Tools Internet Security
- ThreatFire
- Spam Monitor
- iAntiVirus for Mac OS X
- Utility Products
- Registry Mechanic
- Desktop Maestro
- File Recover
- Privacy Guardian
- PC Tools Disk Suite
- Help me choose
Support
- Online Support
- Lost Code
Company
- Awards
- Careers
- Community Forum
- Contact
- Labs
- News
- Partners
- Press Room
- Industry News


	Features Registry Guide Software Guide Scripting Guide Driver Guide Support Forums Newsletters Password Tool Downloads Dictionary Spyware Doctor PC Tools AntiVirus Firewall Plus


	Newsletter Receive regular Windows® updates Your privacy is ensured by our privacy policy

Security Home > BackOffice Software

Netmon Protocol Parsing Vulnerability

A security vulnerability exists in Microsoft® Windows NT® and Windows® 2000 server products and Systems Management Server which could allow a malicious user to gain control of an affected server.

Issue

Microsoft ships two versions of Network Monitor (Netmon): a basic version that ships with Windows NT 4.0 and Windows 2000 server products, and full version that ships as part of Systems Management Server (SMS) 1.2 and 2.0. Both versions include protocol parsers that aid administrators in interpreting and analyzing previously-captured network data. However, several of the parsers have unchecked buffers. If a malicious user delivered a specially-malformed frame to a server that was monitoring network traffic, and the administrator parsed it using an affected parser, it would have the effect of either causing Netmon to fail or causing code of the malicious user’s choice to run on the machine.

Netmon requires administrative privileges to run, but should only be run by local, rather than domain, administrators. If this is done, the vulnerability could be used to gain complete control over the local machine, but could not be used to gain control over a domain. Netmon does not ship on workstation products, so unless SMS had been installed on a workstation, it would not be affected by this vulnerability.

Affected Products

Windows NT Server, Windows 2000 Server, Systems Management Server 1.2 & 2.0

Solution

A software patch is available for the following products:

Microsoft Windows NT 4.0 Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487
Microsoft Windows 2000 Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485
Microsoft Systems Management Server 1.2:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505
Microsoft Systems Management Server 2.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: November 1, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<

Search Guides

Issue

Affected Products

Solution

Further Details