Microsoft patches NT flaw used to bring down its Website - again

One week after patching a bug in Internet Information Server (IIS) that let hackers crash its Web site, Microsoft posted a new patch this week to fix a Windows NT flaw that enabled fresh attacks to take down Microsoft's Web site periodically on Sunday and Monday. A Microsoft spokesman attributed visitors' trouble in accessing its Web site to service upgrades. But in fact, the main access problem was due to an attack by malicious users known as the 'ping-of-death'.

One week after patching a bug in Internet Information Server (IIS) that let hackers crash its Web site, Microsoft posted a new patch this week to fix a Windows NT flaw that enabled fresh attacks to take down Microsoft's Web site periodically on Sunday and Monday.

A Microsoft spokesman attributed visitors' trouble in accessing its Web site to service upgrades. But in fact, the main access problem was due to an attack by malicious users known as a "ping-of-death," says Mike Nash, director of product marketing for Windows NT Server.

"What we discovered was that in Windows NT Server and Windows 95, if you intentionally send a malformed packet at the IP level, the server can become hung in the same way that Unix servers got hung using the ping-of-death," Nash says.

Microsoft engineers isolated a fix for the problem late Monday, and the company posted a patch to its Web site late Tuesday afternoon. The fix detects malformed packets and works around them rather than trying to put the packets back together, Nash says.

Monday's attack was different than the IIS attack two weeks ago in which hackers sent malicious URLs 8,000 or more characters long that caused the Web server to pause, Nash says.

Microsoft's troubles are more than just a nuisance to many users who have become accustomed to downloading patches, programs, and product information from the company's extensive Web site. One customer was disappointed with the service on Monday.

"We, the users, have given lots of billions [of dollars] to Microsoft. How about giving something back to the users? I've been trying to download patches for their Windows 95 bugs," said the user in a letter to InfoWorld Electric.

"This really is not a problem unique to Microsoft," Nash says. "This is simply a form of vandalism. It's no more appropriate to send bad packets to a server than it is to spray-paint the glass of a [building]."

However, Microsoft was not aware of this NT vulnerability prior to the attack, Nash says, so the attack was helpful in the sense that it spurred a fix, which is at:

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/icmp-fix/.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]