VPN Flaw Could Clear Way for Hackers
Austrian security company says flaw in VPN service included with Windows 2000 and XP could let attackers through corporate firewalls.There is a serious flaw in the VPN service included with Windows 2000 and XP that could provide an attacker with a clear path through corporate firewalls, according to an Austrian security company. The VPN (virtual private network) client and server that ship with Windows 2000 and XP use the PPTP (point-to-point tunneling protocol) for secure transmissions between remote clients and the server inside the firewall. Researchers at Phion Information Technologies have found a way to send a specially crafted PPTP packet to the server, which results in a buffer overrun. The exploit would result in the attackers data overwriting a portion of the machines kernel memory, Phion said in its bulletin.
However, a Microsoft spokesman said the companys Security Response Center has been unable to reproduce the code-execution exploit. As of Friday afternoon, the company was still investigating the issue.