Microsoft Confirms TCP/IP Flaw

by CXOtoday Staff    May 20, 2005

Microsoft has confirmed a new vulnerability that affects its TCP/IP, a network component of Microsoft Windows.

Responding to reports of a flaw, Microsoft has released its first security advisory in which it has stated that the company is not aware of any attacks attempting to use the reported vulnerability.

According to the advisory, various TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections.

Those connections would have to be reestablished for communication to continue. This denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights. We do not consider this to be a significant threat to the security of the Internet. This is similar to other TCP connection reset issues.

Changes made during the development of Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and the MS05-019 security update eliminated this vulnerability. If users have installed any of these updates, these updates already help protect them from this vulnerability and no additional action is required.

According to the advisory, for an attacker to try to exploit this vulnerability, they must first predict or learn the IP address and port information of the source and of the destination of an existing TCP network connection. Protocols or programs that maintain long sessions and that have predictable TCP/IP information are at an increased risk for this issue.

This attack would have to be performed on each TCP connection that was targeted for reset. Many applications will automatically restore connections that have been reset.

This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium Edition.

Tags: flaw