Microsoft Corp. Wednesday said that a new flaw in its Windows 2000 Server software can lead to a Denial of Service (DoS) attack. The bug was the second DoS flaw in Windows 2000 announced this month.
The flaw, which affects Windows 2000 Server, Advanced Server and Datacenter, is the result of a memory leak in Window 2000's Kerberos service. Kerberos is a method of authenticating requests for service by other computers, especially important in servers. When a certain type of information is repeatedly sent to the server, a memory flaw in the domain controller of Windows 2000, a key component for authenticating requests for service, will cause the server to run out of available memory, leaving it unable to perform any other operations. Restarting the system will bring the server back online.
The problem was discovered by Defcom Labs in late January, who notified Microsoft at the time, according to an e-mail about the vulnerability sent out by Defcom's Peter Gründl.
Microsoft released a security bulletin and a patch for the problem Wednesday.
The vulnerability follows on the heels of a more serious flaw in Windows 2000 Server that was reported in early May. That bug allowed an attacker to gain complete control over unpatched Windows 2000 systems.