September 27, 2002, 8:45 AM — A flaw in Microsoft Corp.'s Point-to-Point Tunneling Protocol (PPTP) used to secure VPN (virtual private networks) leaves corporate intranets open to attack from outside, according to German IT security company Phion Information Technologies GmbH.
In a security advisory Thursday, Phion said that the Microsoft PPTP Service shipping with Windows 2000 and Windows XP contains a remotely exploitable pre-authentication buffer overflow. This enables a specially crafted PPTP packet to overwrite kernel memory, such that a denial of service attack can lock up the server. This has been verified on Windows 2000 SP3 and Windows XP, Phion said in the advisory.
Microsoft has not yet confirmed the flaw.
Phion said that VPN clients are also vulnerable as the PPTP service continually listens on an I/O port, making always-on DSL (Digital Subscriber Line) clients particularly vulnerable, Phion said.
Phion said that Windows XP clients can be temporarily protected by firewalling the PPTP port in the Internet Connection Firewall. The company said it didn't know of any solution for Windows 2000 and Windows XP PPTP servers.
