Go Back   The Scream! > COMPUTER RELATED > PC Security

Reply
 
Thread Tools Display Modes
  #1  
Old 31-March-2003, 09:20
silver's Avatar
silver silver is offline
 
Join Date: Apr 2001
Location: Bournemouth, UK
Posts: 12,177
Default Microsoft Unable to Patch Windows NT Flaw

from compwire

Microsoft Corp has said that it is unable to patch a security flaw in its Windows NT 4.0 operating system that could lead to a denial of service attack, due to the product's "architectural limitations".


The company's latest security bulletin outlines a vulnerability in the Remote Procedure Call protocol Endpoint Mapper process that could enable an attacker to initiate a denial of service attack via TCP/IP port 135. The flaw could enable an attacker to cause machines to fail, although they would not be able to modify or retrieve data or execute code, the company said.

The vulnerability has been rated by Microsoft as "important" and affects Windows NT 4.0, Windows 2000 and Windows XP. But while the company has issued patches to fix the later versions of its operating system, it said it was unable to provide a patch for Windows NT 4.0.

"Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0," said the company in its security bulletin. "The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability."

Instead the company has urged Windows NT 4.0 users to protect their systems with a firewall that blocks port 135. "The Windows NT 4.0 architecture is much less robust than the more recent Windows 2000 architecture," the company said. "Due to these fundamental differences between Windows NT 4.0 and Windows 2000 and its successors, it is infeasible to rebuild the software for Windows NT 4.0."

The company explained that to fix the vulnerability "would require re-architecting a very significant amount of the Windows NT 4.0 operating system. The product of such a re-architecture effort would be sufficiently incompatible with Windows NT 4.0 that there would be no assurance that applications designed to run on Windows NT 4.0 would continue to operate on the patched system."

While Windows 2000 and Windows XP users are able to download a patch from Microsoft's TechNet web site, it looks like Windows NT 4.0 users have little choice but to opt for the firewall workaround. "Microsoft has extensively investigated an engineering solution for NT 4.0 and found that the Windows NT 4.0 architecture will not support a fix to this issue, now or in the future," the company concluded.
what would be the point of upgrading if all the bugs were fixed

Sil
Reply With Quote
Reply

Tags
abuse, blocking, company, computer, dhcp, dns, email, hijack, home, international, lookup, mail, network, port, product, security, software, web, windows, zone

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 20:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!