Several Windows 2000 Services Subject to DoS
Reported June 30 by Max Degtyar, Mike Murray, and Richard Reiner of SecureXpert Labs

VERSIONS AFFECTED
Several Windows 2000 Services

DESCRIPTION

Windows 2000 can be made to use 100% of CPU cycles by sending a stream of zeros to any of several listening ports. These include the TCP service ports for echo, discard, FTP, and Telnet, as well as the UDP service ports for DNS, NetBIOS, and many others.

DEMONSTRATION

Test the bug by using a tool such as netcat along with an input of /dev/zero. For example, the following netcat command will perform an attack against UDP port 53:

nc -u target.host 53 < /dev/zero
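
One way to flag the traffic pattern described above on the defending side (an added example, not part of the original advisory). The packet tuple format, the thresholds, and the sample capture are assumptions constructed for illustration; the port numbers are the well-known ports for the services the advisory names.

```python
from collections import defaultdict

# Services named in the advisory, mapped to their well-known ports.
WATCHED = {
    ("tcp", 7): "echo", ("tcp", 9): "discard", ("tcp", 21): "ftp",
    ("tcp", 23): "telnet", ("udp", 53): "dns",
    ("udp", 137): "netbios-ns", ("udp", 138): "netbios-dgm",
}

# Assumed thresholds (not from the advisory): tune to local traffic.
MIN_ZERO_BYTES = 4096   # cumulative all-zero payload before alerting
MIN_ZERO_RATIO = 0.95   # share of the flow's payload bytes that are 0x00


def find_zero_floods(packets):
    """Return alerts for flows that are almost entirely 0x00 bytes.

    packets: iterable of (src_ip, proto, dst_port, payload_bytes).
    """
    totals = defaultdict(lambda: [0, 0])  # flow -> [zero_bytes, all_bytes]
    for src, proto, dport, payload in packets:
        if (proto, dport) not in WATCHED or not payload:
            continue
        counts = totals[(src, proto, dport)]
        counts[0] += payload.count(0)
        counts[1] += len(payload)

    alerts = []
    for (src, proto, dport), (zeros, total) in sorted(totals.items()):
        if zeros >= MIN_ZERO_BYTES and zeros / total >= MIN_ZERO_RATIO:
            alerts.append({"src": src, "service": WATCHED[(proto, dport)],
                           "proto": proto, "port": dport, "zero_bytes": zeros})
    return alerts


# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = (
    [("192.0.2.10", "udp", 53, bytes(1024))] * 8          # 8 KiB of zeros
    + [("192.0.2.20", "udp", 53, b"\x12\x34\x01\x00\x00\x01" + b"example")]
    + [("192.0.2.30", "tcp", 23, b"login: admin\r\n")]
    + [("192.0.2.40", "tcp", 7, bytes(512))]               # below threshold
    + [("192.0.2.50", "tcp", 8080, bytes(65536))]          # unwatched port
)

if __name__ == "__main__":
    for alert in find_zero_floods(SAMPLE):
        print(alert)
```
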

VENDOR RESPONSE

On July 14th we received an official response from Microsoft's Security Response Center, quoted below:

The Microsoft Security Response Center has worked extensively with SecureXpert to investigate their report. However, we have not been able to cause a machine to respond as their report describes. We have asked SecureXpert for additional information, and will continue our investigation when we receive it.

We'll update this report upon the receipt of further information.