Reported August 14, 2001, by Microsoft.


  • Microsoft Windows 2000 Server

  • Microsoft Windows 2000 Advanced Server

  • Microsoft Windows 2000 Datacenter Server

  • Microsoft Windows NT Server 4.0

  • Microsoft Windows NT Server, Enterprise Edition


A memory leak exists in the way the Windows operating systems listed above process new postings in the Network News Transfer Protocol (NNTP) service. If an attacker sends a large number of posts of a particular construction, those posts can deplete the server's available memory and disrupt service. Rebooting the server restores normal service. Only servers that accept new postings are vulnerable to this condition.



The vendor, Microsoft, has released security bulletin MS01-043 to address this vulnerability and recommends that users apply whichever of the following patches is relevant to their system:


  • Windows NT 4.0 Server and Enterprise Server

  • Windows 2000 Server and Advanced Server


Windows 2000 Datacenter Server patches are hardware-specific and available only through the OEM.


Discovered by Aiden ORawe.