New TCP/IP Flaw Haunts Windows | eWeek

New TCP/IP Flaw Haunts Windows

Written By
Ryan Naraine
Ryan Naraine
May 18, 2005
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft on Wednesday issued a prepatch advisory to counter the publication of exploit code for a newly discovered vulnerability in its implementation of TCP/IP.

The Redmond, Wash., companys confirmation of the flaw is the first public test of the software giants new security advisories pilot project, which is meant to provide instant feedback, guidance and mitigations when third-party researchers release vulnerability details and exploits before a patch is available.

In this case, Microsoft Corp.s Security Advisory 899480 comes 24 hours after an alert with accompanying exploit code was published by FrSIRT (French Security Incident Response Team), a private research outfit.

“Various TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. Those connections would have to be re-established for communication to continue,” Microsoft said in its advisory.

Microsoft said the threat was not considered significant, adding that it was unaware of any actual attacks exploiting the flaw.

“This denial-of-service vulnerability would not allow an attacker to execute code or to elevate their user rights.”

The Microsoft Security Response Center said the flaw affects users of Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP Service Pack 1, Windows XP 64-Bit Edition Service Pack 1 (Itanium), Windows XP 64-Bit Edition Version 2003 (Itanium), Windows Server 2003 and Windows Server 2003 for Itanium-based systems.

According to the advisory, changes made during the development of Windows XP SP2 (Service Pack 2) and Windows Server 2003 Service Pack 1 have eliminated the vulnerability.

Microsoft said the recently released MS05-019 bulletin provides protection from this attack vector, but that guidance appears to contradict the initial warning from FrSIRT that Microsofts patch fixed only one variant of the vulnerability.

But there are known problems with the MS05-019 bulletin, which contains patches that have caused major connectivity problems for network administrators. Microsoft plans to rerelease the bulletin to correct errors that range from the inability of Exchange servers to talk to their domain controllers; failure of domain controller replication across WAN (wide area network) links; and the inability to connect to terminal servers or to file sharing access.

In the meantime, Microsoft recommends that users disable the TCP Timestamp Option registry setting to block potential denial-of-service attacks.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.