A flaw in Microsoft Corp.'s Point-to-Point Tunneling Protocol (PPTP) used to secure VPN (virtual private networks) leaves corporate intranets open to attack from outside, according to German IT security company Phion Information Technologies GmbH.
In a security advisory Thursday, Phion said that the Microsoft PPTP Service shipping with Windows 2000 and Windows XP contains a remotely exploitable pre-authentication buffer overflow. This enables a specially crafted PPTP packet to overwrite kernel memory, such that a denial of service attack can lock up the server. This has been verified on Windows 2000 SP3 and Windows XP, Phion said in the advisory.
Microsoft has not yet confirmed the flaw.
Phion said that VPN clients are also vulnerable as the PPTP service continually listens on an I/O port, making always-on DSL (Digital Subscriber Line) clients particularly vulnerable, Phion said.
Phion said that Windows XP clients can be temporarily protected by firewalling the PPTP port in the Internet Connection Firewall. The company said it didn't know of any solution for Windows 2000 and Windows XP PPTP servers.
Sidekick: The Good News & the Bad News Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows Learn More
Brought to you by:
contests & free stuff
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases
built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC
technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability
and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
Esther Schindler
claird
pasmith
Sandra Henry-Stocker
jfruh
mikelgan
Quick, practical advice for IT pros. Made fresh daily.
