Newsgroup service in Windows could trigger attacks

IIS wasn't the only Microsoft Corp. product fingered for security flaws last week. The company also said a hole in a newsgroup service that comes with Windows and its Exchange messaging server could be used to launch denial-of-service attacks against some systems.

The problem occurs in the Network News Transport Protocol (NNTP) service in Windows NT 4.0, Windows 2000 and Exchange 2000, Microsoft said. NNTP is a standard protocol for posting, distributing and archiving news articles via Internet-based servers.

The vulnerability results from a memory leak in a program that processes news postings sent over the Internet, according to a Microsoft advisory. Postings that are constructed in a particular manner and sent to an affected server would trigger the memory leak, said Scott Culp, a Microsoft security manager. By sending a sufficient number of such malformed postings to an affected server, Culp added, an attacker could deplete the server's available memory and bring down a system.

Any NNTP news server that accepts postings from the Internet and is running the affected software is vulnerable to such attacks, Microsoft cautioned. But the company issued a patch that it claims will eliminate the problem by properly deallocating memory after a posting is processed.

One mitigating factor is that the NTTP service doesn't run by default on Windows or Exchange, Culp said.

Also minimizing the potential impact of the NNTP flaw is the fact that most large newsgroup servers aren't Windows-based, said Russ Cooper, an analyst at security firm TruSecure Corp. in Reston, Va.

"It's an issue that doesn't affect a very large number of people," Cooper said. But for those users who are running a Windows-based NNTP service, he added, "the message here is [to] get the patch."

Microsoft said the vulnerability doesn't let attackers take administrative control of systems or tamper with data stored on vulnerable servers. Administrators whose systems are attacked can restore service by shutting down the IISAdmin service and restarting the affected machines.

Memory leaks such as the one in the NNTP service are caused when a particular process requests additional memory from the operating system to perform a task and then fails to return the memory when the job is complete.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftTruSecure

Show Comments