COMMAND

    telnet service

SYSTEMS AFFECTED

    Windows 2000

PROBLEM

    The following is based on Security Point Advisory #003.  This paper
    is for educational purposes only; Security Point(R) will not be
    responsible for any damages whatsoever that have a connection
    with the information written in this paper.

    After coding a vulnerability scanner for the security hole in
    most telnet daemons under UNIX, it was found that the Windows 2000
    Telnet service is vulnerable to a Denial of Service attack.
    This was tested against Windows 2000 Service Pack 2 with all
    single patches applied.  See the scanner under:

        http://oliver.efri.hr/~crv/security/bugs/mUNIXes/telnet16.html

    This utility is meant to scan for the AYT vulnerability in telnet
    daemons built upon the BSD source.

SOLUTION

    A temporary solution is to disable the telnet service.  Do the following:

        Start->Control-Panel->Administrative-Utils->Services

    Find the telnet service and select disable.  Microsoft has been
    notified of this issue and we are awaiting patch information.