Reported July 27, 2000 by PGP Security and Sir Dystic of cDc

VERSIONS AFFECTED
  • Microsoft Windows NT 4.0 Workstation
  • Microsoft Windows NT 4.0 Server
  • Microsoft Windows NT 4.0 Server, Enterprise Edition
  • Microsoft Windows NT 4.0 Server, Terminal Server Edition
  • Microsoft Windows 2000

DESCRIPTION

By sending a specifically designed NetBIOS packet to
susceptible Windows machines, those machine can be made to relinquish their names or fail to successfully register their names on the network. Such an attack would render the machine unavailable to users that attempt access via the machine's NetBIOS name.

VENDOR RESPONSE

Microsoft issued a FAQ, a Support Online article Q269239, and a patch for Windows 2000 to correct the problem. According to Microsoft's bulletin, patches will be available "shortly" for NT 4.0 series operating system, although no explanation for the delay was given.

User are urged to filter NetBIOS traffic (TCP 137, 138 and UDP 139) in order to prevent disruptions

CREDIT
Discovered by PGP Security and Sir Dystic of cDc