OS flaws in leading software

Newly reported flaws in two market-leading sets of operating systems could leave routers, PCs and servers vulnerable to attack.

A buffer overrun in Microsoft Corp.'s remote procedure call interface to its Windows operating systems would let attackers execute code on a compromised machine. Microsoft called this vulnerability critical and posted downloadable patches at the Microsoft Download Center.

Cisco Systems Inc. of San Jose, Calif., today announced a problem with its Internetwork Operating System on the vast majority of Cisco devices operating in IP Version 4 environments. The flaw could fool routers and other devices into shutting down network interfaces. Cisco has released patches and workaround information in an advisory.

Microsoft's buffer overrun problem affects Windows NT 4.0, NT Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003. The Homeland Security Department this week announced a $110 million enterprisewide contract to license the latest Microsoft software (see story at www.gcn.com/vol1_no1/daily-updates/22743-1.html).

The X-Force laboratory of Internet Security Systems Inc. of Atlanta called the vulnerability 'an enormous threat. Exploitations of this vulnerability should not be considered trivial. Due to the potential impact, threats could quickly surface.'

The Cisco flaw affects IOS versions 11 and 12 through 12.2. Versions 12.3 and higher are not affected, and devices operating only in IPv6 environments should not be vulnerable, either.

Devices running the affected software can be fooled by a specific sequence of abnormal IPv4 packets into thinking that the input queue for a network interface is full, so they shut down routing and address resolution protocols. Vulnerable Cisco devices can be specifically targeted, or attacks could be broadcast, the X-Force group said.

About the Author

William Jackson is a Maryland-based freelance writer.
