There is a serious flaw in the VPN service included with Windows 2000 and XP that could provide an attacker with a clear path through corporate firewalls, according to an Austrian security company.
The VPN (virtual private network) client and server that ship with Windows 2000 and XP use the PPTP (point-to-point tunneling protocol) for secure transmissions between remote clients and the server inside the firewall. Researchers at Phion Information Technologies have found a way to send a specially crafted PPTP packet to the server, which results in a buffer overrun.
The exploit would result in the attackers data overwriting a portion of the machines kernel memory, Phion said in its bulletin.
However, a Microsoft spokesman said the companys Security Response Center has been unable to reproduce the code-execution exploit. As of Friday afternoon, the company was still investigating the issue.
Phion also said it had used the exploit to cause a denial-of-service on machines running Windows 2000 Service Pack 3 or XP.
Microsoft has not issued a patch for the vulnerability.
If what Phion says is true, the vulnerability is potentially a very damaging one. VPNs are typically used by remote corporate workers who need secure access to their companies networks. An attacker exploiting this flaw would have a clear, secure tunnel directly into the heart of a vulnerable network.
Phion posted its advisory to the BugTraq security mailing list Thursday.
- FrontPage Flaw Lets Hackers In
- Microsoft Posts Steps to Change XP Keys
- More Security Coverage