|
|
|
|
| |
| Microsoft has released a patch that eliminates a security vulnerability in NetMeeting, an application that ships with Microsoft Windows 2000 and is also available as a separate download for Windows NT 4.0. The vulnerability allows a malicious user to temporarily prevent an affected machine from providing any NetMeeting services and possibly consume 100% CPU utilization during an attack. |
| |
Credit:
The information has been provided by Microsoft Product Security.
|
| |
Affected Software Versions:
NetMeeting Version 3.01 (4.4.3385) on Windows 2000 or Windows NT 4.0.
A remote denial of service vulnerability has been discovered in a component of NetMeeting. The denial of service can occur when a malicious client sends a particular malformed string to a port that the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
Although the NetMeeting application is provided as part of Windows 2000 products, the application and affected component is not enabled by default, and customers who have not enabled it would not be at risk from this vulnerability.
Patch Availability:
- Windows 2000 and Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25029
What's the scope of the vulnerability?
This is a Denial of Service vulnerability. A malicious user could use the vulnerability to temporarily cause the NetMeeting application on an affected machine to stop responding to client during an attack. NetMeeting services will return to normal once an attack has terminated or by terminating the NetMeeting application.
By default, NetMeeting or Remote Desktop Sharing is not enabled on Windows 2000, is an extra download for Windows NT 4.0, and only customers who have enabled it would be at risk from this vulnerability. The vulnerability could be used to deny NetMeeting services, but could not be used for any broader attack - that is, it could not be used to compromise data on an affected server or usurp administrative control.
What causes the vulnerability?
A flaw in a NetMeeting that drives CPU utilization to 100% and causes the application to hang when sent a particular malformed input string from a malicious client machine.
What is NetMeeting?
NetMeeting is an application included with Windows 2000 (or can be downloaded from http://www.microsoft.com/netmeeting for Windows NT 4.0) that enables real-time audio, video, and data communication over the Internet.
The feature of NetMeeting at issue in this vulnerability is Remote Desktop Sharing.
What's the problem with the NetMeeting Application?
The affected version of NetMeeting, with Remote Desktop Sharing enabled, does not correctly handle a particular kind of malformed input string sent to it from a client. If such data were received by an affected system, it could temporarily cause the NetMeeting application to hang and temporarily drive CPU utilization to 100%.
What would be the effect of the NetMeeting application failing?
If the NetMeeting application temporarily failed, it would cause any existing NetMeeting sessions to fail, with the loss of any work that was in progress at the time. It could also hinder the affected machine from performing other tasks due to 100% CPU utilization during an attack.
Is NetMeeting running by default in Windows 2000 or Windows NT 4.0?
The NetMeeting application is not enabled by default on a standard Windows 2000 installation and needs to be downloaded for Windows NT 4.0.
Who could exploit this vulnerability?
Any malicious user who could send data to an affected machine could exploit the vulnerability. If an affected machine were directly connected to the Internet, the vulnerability could be exploited remotely; on the other hand, an affected machine that provided NetMeeting services only within an Intranet could only be attacked by an Intranet user.
Note: NetMeeting listens on port 1720 - if that were blocked on corporate firewalls Intranet users would not be affected by this vulnerability from an external attack.
Who should use the patch?
Microsoft recommends that anyone who enables the NetMeeting application with the Remote Desktop Sharing service should install the patch.
Will the patch be included in Service Pack 2 for Windows 2000?
Yes. The patch can be applied to a machine with or without Service Pack 1.
Note: The same fix can be applied to a Windows NT 4.0 system as long as the product version matches what was noted in the Affected Product section of the bulletin.
How do I use the patch?
Knowledge Base article Q273854 contains detailed instructions for applying the patch to your site
How can I tell if I installed the patch correctly?
If the NetMeeting application temporarily failed, it would cause any existing NetMeeting sessions to fail, with the loss of any work that was in progress at the time. It could also hinder the affected machine from performing other tasks due to 100% CPU utilization during an attack.
|
|
|
|
|
|
|
