OS flaws in leading software


Newly reported flaws in two market-leading sets of operating systems could leave routers, PCs and servers vulnerable to attack.

A buffer overrun in Microsoft Corp.'s remote procedure call interface to its Windows operating systems would let attackers execute code on a compromised machine. Microsoft called this vulnerability critical and posted downloadable patches at the Microsoft Download Center.

Cisco Systems Inc. of San Jose, Calif., today announced a problem with its Internetwork Operating System on the vast majority of Cisco devices operating in IP Version 4 environments. The flaw could fool routers and other devices into shutting down network interfaces. Cisco has released patches and workaround information in an advisory.

Microsoft's buffer overrun problem affects Windows NT 4.0, NT Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003. The Homeland Security Department this week announced a $110 million enterprisewide contract to license the latest Microsoft software (see story at www.gcn.com/vol1_no1/daily-updates/22743-1.html).

The X-Force laboratory of Internet Security Systems Inc. of Atlanta called the vulnerability 'an enormous threat. Exploitations of this vulnerability should not be considered trivial. Due to the potential impact, threats could quickly surface.'

The Cisco flaw affects IOS versions 11 and 12 through 12.2. Versions 12.3 and higher are not affected, and devices operating only in IPv6 environments should not be vulnerable, either.

Devices running the affected software can be fooled by a specific sequence of abnormal IPv4 packets into thinking that the input queue for a network interface is full, so they shut down routing and address resolution protocols. Vulnerable Cisco devices can be specifically targeted, or attacks could be broadcast, the X-Force group said.

About the Author

William Jackson is a Maryland-based freelance writer.

