Microsoft has issued a patch for a Windows NT security hole that malicious users could exploit to mount denial-of-service attacks to servers.
The NT flaw allowed a user to send bad, or "spoofed", Remote Procedure Call (RPC) datagram packets to a server, disguised as though they came from another server. The two servers would then send RPC error messages back and forth, creating a CPU- and bandwidth-eating loop until the "bad" packets were discarded. The potential for trouble lies in the event that multiple packets are sent simultaneously.
The security hole affects Windows NT 4.0, as well as the Terminal Server Edition of NT 4.0. Microsoft posted patches at its security Web site, http://www.microsoft.com/security/, this week.
Microsoft officials said that "spoof" attacks are easy to detect with network analysers, and said affected servers will recover by themselves shortly after the attacker has stopped sending bad packets. Also, external attacks can be filtered at the firewall level because the bad packets are always addressed to UDP port 135, Microsoft said.