Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Microsoft Network Monitor Software Vulnerable to Multiple Overflows
Microsoft has released a security bulletin and patches to address a vulnerability in the "protocol parser" feature of Network Monitor
Steve Manzuik
October 31, 2000
1 Min Read
Reported November 1, 2000 by Microsoft VERSIONS AFFECTED DESCRIPTIONMicrosoft has released a security bulletin and patch to address a security vulnerability that could allow a malicious user to gain control of an affected server. Network Monitor, shipped with SMS Server 1.2, 2.0 and Windows 2000 Server versions, contains a protocol parser that aids in interpreting and analyzing previously captured network data. If a malicious user was to send a specially crafted frame to a server that was monitoring network traffic it would cause an overflow that would cause Network Monitor to crash and allow the malicious user to launch arbitrary commands. VENDOR RESPONSE Microsoft has released a security bulletin, MS00-0083. Multiple patches are also available; Microsoft Windows NT 4.0 Server and Windows NT 4.0 Server, Enterprise Edition:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487 Microsoft Windows NT 4.0 Server, Terminal Server Edition: To be released shortly. - Microsoft Windows 2000 Server, Advanced Server and Datacenter Server:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25485 Microsoft Systems Management Server 1.2: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25505 Microsoft Systems Management Server 2.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25514 CREDITDiscovered by NAI Labs, and ISS X-Force |
Read more about:
MicrosoftAbout the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)