Patch Issued for W2K Domain Controller Memory Leak

A loophole in the Windows 2000 will allow both internal and external attacks to take lower domain controller, according to a Microsoft security bulletin sent late Tuesday.

Sweden, the so-called Internet security company defcom reported problems, Microsoft and help solve the problem.

"Core services running on a Windows 2000 domain controller contains a memory leak, it can be triggered when it attempted to process a certain type of invalid service requests," Microsoft Notice the full text of the security. Because it is a core service for the domain controller, it can not be closed, in order to prevent this problem.

Should take advantage of this vulnerability, the attacker will be issued them invalid request repeatedly consumption of available memory on the server. The attack could domain controller and insensitive handling Sign issued a new request or Kerberos tickets.

Boot patch, Microsoft, the company said it also maintained a normal safety practices, such as the deployment of a firewall to prevent outside users sent at the request of the domain controller. However, the vulnerability can also be used from the enterprise network.

The bug affects Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 servers in the data center running as a domain controller computer, but does not affect Windows NT 4.0 server.

Fixes Microsoft plans to launch with Windows 2000 Service Pack 3.

Microsofts security bulletin, on the 24th this year, can be found here. -- Other recent Safety News: sadmind / illegal immigrants worms unpatched system anti-virus companies released the list of popular virus in April illegal immigrants on the 5th vulnerabilities could allow the non - authorized control w2k Microsoft confirmed the vulnerability in the ISA Server 2000