COMMAND

    Out Of Band

SYSTEMS AFFECTED

    Win '95, NT

PROBLEM

    A denial of service attack is possible against Windows machines by
    sending  out  of  band  data  as  part  of a TCP connection.  This
    problem can be exploited in a new manner that is not protected  by
    the initial Microsoft  hot-fix or NT  4.0 service pack  3 solution
    to the problem.

    Affested  are  all  currently  NT  versions  including  those with
    service  pack  3  installed.   Causes  complete  system crash.  On
    Windows 95 causes loss of networking.

    A denial of service attack  involving sending of out of  band data
    was  published  on  security  mailing  lists  on  May  9th,  1997.
    Microsoft published a hot-fix for this problem (MS Knowledge  Base
    Document Q143478), and included a  patch for this problem as  part
    of Windows  NT 4.0  service pack  3.   These patches corrected the
    problem for the  published exploits when  run on Unix  and Windows
    platforms,  but  did  not  correct  the  problem for the published
    Macintosh based exploits.   Analysis of the packets  revealed that
    the Macintosh  TCP stack  sets a  different value  for the  urgent
    pointer field  in the  TCP header  than standard  Unix and Windows
    based  protocols.   The  patches  for  the  problem  provided   by
    Microsoft are  inadequate to  prevent a  denial of  service attack
    when  this  field  is  set   in  a  manner  consistent  with   the
    Macintosh's TCP stack.  It is  important to note that any Unix  or
    Windows  box  is  capable  of  exploiting  this problem, it is not
    limited to originating  from a Macintosh.   Text here is  based on
    ISS Alert Advisory.

SOLUTION

    A new updated  hotfix has been  released for the  OOB data attack.
    Get it for NT4 from:

        ftp://ftp.microsoft.com

    by following the path

        /bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/oob-fix/oobfix_i.exe

    and for NT3.51 from:

        ftp://ftp.microsoft.com
        /bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/oob-fix/TCP351I.EXE

    This issue for Win '95 is resolved by the following updated files
    for Windows 95 (all releases):

        * Vtcp.386 version 4.00.0954 (dated 05/14/97) and later
        * Vnbt.386 version 4.00.0959 (dated 05/15/97) and later

    To do this, download the Vtcpupd.exe file (available for  download
    from the Microsoft Software Library).