August 15, 2001, 9:43 AM — A flaw in the NNTP (Network News Transport Protocol) service in Microsoft Corp.'s Windows NT and Windows 2000 could allow attackers to paralyze the server, Microsoft said in a security bulletin.
An attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service, Microsoft said in its first security alert after the large-scale Code Red alarm. This type of flaw is called a memory leak.
The NNTP vulnerability, a denial of service vulnerability, does not allow attackers to gain control of the system or get access to any data on the system, Microsoft said.
NNTP is an industry standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used, for example, for the Internet discussion group, or newsgroup, service known as Usenet.
Microsoft's NNTP service is installed by default on Windows 2000 servers and is run by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings, Microsoft said.
An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said.
A patch to fix the flaw is available from Microsoft's TechNet Web site:
Microsoft, in Redmond, Washington, can be reached at +1-425-882-8080, or online at http://www.microsoft.com.