Windows DoS flaw made public

A well-known IP packet-handling problem has appeared in Windows, but Microsoft insists the vulnerability could only make machines run sluggishly if exploited
Written by Dan Ilett, Contributor

A security researcher published details of a denial-of-service vulnerability on Monday that he claims allows hackers to trash Microsoft Windows systems by trapping machines in a processing loop.

The researcher, who posted the vulnerability under the name Dejan Levaja, claims that sending IP packets containing the same source and destination information to Windows XP SP2 and 2003 systems will cause machines to crash.

"The system is not able to process this," said Thomas Kristensen, Secunia's chief technology officer. "It could bring them to a complete halt. You need special tools to do this, but it's easy to do."

The vulnerability is similar to an older bug found in 1997 within BSD. Secunia said these bugs are caused by improper handling of IP packets with the same destination and source IP, which causes a system to consume all available CPU resources.

The company added that the problem can be solved by implementing a firewall, but said that not everyone takes such safety measures.

"It's kind of serious if you have some systems that aren’t firewalled," said Kristensen. "Proper filtering would stop this. But some people don't have a firewall on their systems. They are certainly at an increased risk."

Microsoft, though, has denied that the vulnerability could be used to crash a PC.

"Our initial investigation has revealed that this reported vulnerability cannot be used by an attacker to run malicious software on a computer," said Microsoft in a statement.

"At this point, our analysis indicates the impact of a successful attack would be to cause the computer to perform sluggishly for a short period of time. Customers running the Windows Firewall, enabled by default on Windows XP Service Pack 2, are not impacted by this issue."

Editorial standards