VPN Flaw Could Clear Way for Hackers

Austrian security company says flaw in VPN service included with Windows 2000 and XP could let attackers through corporate firewalls.

There is a serious flaw in the VPN service included with Windows 2000 and XP that could provide an attacker with a clear path through corporate firewalls, according to an Austrian security company.

The VPN (virtual private network) client and server that ship with Windows 2000 and XP use the PPTP (point-to-point tunneling protocol) for secure transmissions between remote clients and the server inside the firewall. Researchers at Phion Information Technologies have found a way to send a specially crafted PPTP packet to the server, which results in a buffer overrun.

The exploit would result in the attacker's data overwriting a portion of the machine's kernel memory, Phion said in its bulletin.
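The article does not say which PPTP field Phion's packet abuses, and the example below is not Windows code or Phion's proof of concept. It is an added illustration of the defensive pattern that prevents this class of bug in a PPTP control-channel listener: parse the RFC 2637 control-message header and check every length field against the bytes actually received and against a fixed ceiling before touching the payload. The 1024-octet ceiling (`MAX_CONTROL_MESSAGE`) and the sample messages are constructed for the example and are not from the advisory.

```python
"""Bounds-checked parser for the PPTP control-message header (RFC 2637).

Added example, not the Windows 2000/XP PPTP service or Phion's code.
Shows the validation a listener needs before copying a control message
into a fixed-size buffer.
"""
import struct
from dataclasses import dataclass
from typing import Optional

PPTP_MAGIC_COOKIE = 0x1A2B3C4D              # RFC 2637, section 2.2
HEADER_FORMAT = "!HHIHH"                     # Length, PPTP Message Type, Magic Cookie, Control Message Type, Reserved0
HEADER_LEN = struct.calcsize(HEADER_FORMAT)  # 12 octets
MAX_CONTROL_MESSAGE = 1024                   # assumption: ceiling for one control message (RFC messages are all far smaller)

# Control Message Types from RFC 2637, section 2.3 (subset)
CONTROL_TYPE_NAMES = {
    1: "Start-Control-Connection-Request",
    2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request",
    4: "Stop-Control-Connection-Reply",
    5: "Echo-Request",
    6: "Echo-Reply",
    7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply",
}


class PptpParseError(ValueError):
    """Raised for any message that fails validation; the caller should drop it."""


@dataclass
class PptpControlMessage:
    length: int
    message_type: int
    control_type: int
    payload: bytes

    @property
    def control_type_name(self) -> str:
        return CONTROL_TYPE_NAMES.get(self.control_type, f"unknown({self.control_type})")


def parse_control_message(data: bytes) -> PptpControlMessage:
    # 1. Never read header fields until the whole header is present.
    if len(data) < HEADER_LEN:
        raise PptpParseError(f"truncated header: {len(data)} < {HEADER_LEN} octets")
    length, message_type, magic, control_type, _reserved = struct.unpack(HEADER_FORMAT, data[:HEADER_LEN])
    # 2. Reject anything that is not a PPTP control-channel message.
    if magic != PPTP_MAGIC_COOKIE:
        raise PptpParseError(f"bad magic cookie 0x{magic:08X}")
    if message_type not in (1, 2):  # 1 = Control Message, 2 = Management Message
        raise PptpParseError(f"unknown PPTP message type {message_type}")
    # 3. The declared length must cover the header, fit the fixed buffer a server
    #    would use, and not exceed what was actually received. Trusting it blindly
    #    is the classic route to a buffer overrun.
    if length < HEADER_LEN:
        raise PptpParseError(f"declared length {length} smaller than header")
    if length > MAX_CONTROL_MESSAGE:
        raise PptpParseError(f"declared length {length} exceeds {MAX_CONTROL_MESSAGE}-octet limit")
    if length > len(data):
        raise PptpParseError(f"declared length {length} exceeds received {len(data)} octets")
    return PptpControlMessage(length, message_type, control_type, data[HEADER_LEN:length])


def build_control_message(control_type: int, payload: bytes, declared_length: Optional[int] = None) -> bytes:
    """Build a control message; declared_length lets a test craft an inconsistent header."""
    length = HEADER_LEN + len(payload) if declared_length is None else declared_length
    return struct.pack(HEADER_FORMAT, length, 1, PPTP_MAGIC_COOKIE, control_type, 0) + payload


def classify(data: bytes) -> str:
    """Return 'accept:<name>' for a valid message or 'drop:<reason>' so a caller can log and discard."""
    try:
        msg = parse_control_message(data)
    except PptpParseError as exc:
        return f"drop:{exc}"
    return f"accept:{msg.control_type_name}"


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    ok = build_control_message(5, b"\x00\x00\x00\x01")                       # Echo-Request with a 4-octet identifier
    lying = build_control_message(7, b"\x00" * 16, declared_length=0xFFFF)  # header claims 65535 octets
    short = b"\x00\x0c\x00\x01"                                               # cut off mid-header
    for sample in (ok, lying, short):
        print(classify(sample))
```

The order of the checks matters: the header is only unpacked once it is known to be complete, and the declared length is bounded both by a fixed ceiling and by the received byte count, so a header that lies about its size is dropped rather than used as a copy length.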

However, a Microsoft spokesman said the company's Security Response Center has been unable to reproduce the code-execution exploit. As of Friday afternoon, the company was still investigating the issue.

Phion also said it had used the exploit to cause a denial of service on machines running Windows 2000 Service Pack 3 or XP.

Microsoft has not issued a patch for the vulnerability.

If what Phion says is true, the vulnerability is potentially a very damaging one. VPNs are typically used by remote corporate workers who need secure access to their companies' networks. An attacker exploiting this flaw would have a clear, secure tunnel directly into the heart of a vulnerable network.

Phion posted its advisory to the BugTraq security mailing list Thursday.
