On May 16 Konrad Malewski reported to readers of the NTBugTraq mailing list that according to his tests Windows Server 2003 and Windows XP (even with all the latest operating system updates installed) are both vulnerable to Land attacks against IPv6. Malewski also reported that the Land attack works against IPv4 in Microsoft's next generation Windows platform (code named Longhorn) which is still in development. Malewski said that he notified Microsoft of his discoveries.
In somewhat related news, Microsoft issued an advisory on May 18, " Vulnerability in TCP Could Allow Connection Reset ," where the company said it is aware that a remote intruder could set abitrary timer values for a TCP connection, which could effectively be used to reset open TCP connections. According to Microsoft the problem is fixed on systems that use Windows XP SP2 and Windows Server 2003 SP1, or systems that have the MS05-019 security update installed. Microsoft also said that in June it will re-released MS05-019 to address another known network connectivity issues that affect Microsoft Terminal Server, Exchange Server, and some domain controllers.