Irresponsible disclosure reveals unpatched Windows DoS vulnerability


Today, Microsoft updated a recently released security advisory warning of an unpatched, albeit minor, Denial of Service (DoS) vulnerability that affects Microsoft Windows 2000 and Windows XP (Pre-SP2). Microsoft's advisory doesn't describe exactly what causes this vulnerability. It does, however, warn that a remote attacker can exploit the flaw by sending a specially crafted Remote Procedure Call (RPC) request that causes your machine to temporarily consume all of its memory. By repeatedly sending such a request, the attacker could prevent you from using your machine. Since the flaw's finder released his exploit without first telling Microsoft, they haven't had time to create a patch. WatchGuard Wire: RSS Feed | WatchGuard Technologies, Inc.

Linked by shanmuga Monday, 21st November 2005 11:31PM