Security 10748 Published by

A core service running on all Windows 2000 domain controllers (but
not on any other machines) contains a flaw affecting how it processes
a certain type of invalid service request. Specifically, the service
should handle the request at issue here by determining that it is
invalid and simply dropping it; in fact, the service performs some
resource-intensive processing and then sends a response.

If an attacker sent a continuous stream of such requests to an
affected machine, it could consume most or all of the machine´s CPU
availability. This could cause the domain controller to process
requests for service slowly or not at all, and could limit the number
of new logons the machine could process and the number of Kerberos
tickets that could be issued.

Affected Software:
Microsoft® Windows® 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server

Download