View my documents ()
 Home > Support > Global Security Advisor 

Vulnerability Detail

Microsoft Windows spoofed connection denial of service vulnerability

Date Discovered:
5 Mar 2005

Date Published:
7 Mar 2005

Last Updated:
8 Jan 2008

Threat Assessment

Overall Risk:  Medium
Popularity : High
Impact:  Medium
Simplicity:  Low

Characteristics

Vulnerability ID:  32520
Discovered By:  Dejan Levaja

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can cause a denial of service condition.

Root Cause:  Software Vulnerability

Description
Recommendations
Affected Technologies
References
 

Description

Microsoft Windows contains a vulnerability that can allow a remote attacker to cause a denial of service condition. The vulnerability is due to mishandling of TCP SYN packets with matching source IP address, destination IP address and ports. An attacker can send a specially crafted TCP/IP message to cause excessive CPU utilization which results in denial of service condition.

Back to top

Recommendations



-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR

Upgrade to Windows Server 2003 SP1 from the vendor.

http://support.microsoft.com/kb/889100

-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: WindowsServer2003-KB941644-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN

Download:
http://download.microsoft.com/download/7/b/7/7b7e472e-0419-4923-9f32-89598dcb36f1/WindowsServer2003-KB941644-x86-ENU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT
Apply: WindowsXP-KB941644-x86
If you have: Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 EN

Download:
http://download.microsoft.com/download/3/e/3/3e3b48d5-1897-44f5-8271-127e09ba97f3/WindowsXP-KB941644-x86-ENU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN

Please download and install the following patch:



WindowsServer2003-KB893066-v2-ia64-enu.exe

-------------------------------------------------------------------------------
For: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT
Apply: WindowsXP-KB917953-x86
If you have: Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Professional SP1 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 FR

Download:
http://download.microsoft.com/download/6/7/8/678fcca2-fc1e-424b-ba69-e9211af2eccc/WindowsXP-KB917953-x86-FRA.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Professional SP1 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 ES

Download:
http://download.microsoft.com/download/a/4/b/a4bd7d4d-ed07-413a-b492-d2a614b07563/WindowsXP-KB917953-x86-ESN.exe

If you have: Microsoft Windows XP Home Edition SP1 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Professional SP1 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 EN

Download:
http://download.microsoft.com/download/0/0/7/007eec69-c7a8-4503-b46b-50996c16fc87/WindowsXP-KB917953-x86-ENU.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP1 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 IT

Download:
http://download.microsoft.com/download/8/a/3/8a374c15-5347-4acc-84be-003676a169a4/WindowsXP-KB917953-x86-ITA.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Professional SP1 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 DE

Download:
http://download.microsoft.com/download/9/6/3/9632c689-403a-4049-a6c0-9bcbf54e967c/WindowsXP-KB917953-x86-DEU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT
Apply: WindowsXP-KB893066-v2-x86
If you have: Microsoft Windows XP Professional SP1 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 IT

Download:
http://download.microsoft.com/download/4/6/0/460cdd8d-895b-475a-a740-6a42df851c8b/WindowsXP-KB893066-v2-x86-ITA.exe

If you have: Microsoft Windows XP Professional SP1 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 EN

Download:
http://download.microsoft.com/download/2/8/e/28ef9005-4845-4496-a2e1-c0f8a2b673ca/WindowsXP-KB893066-v2-x86-ENU.exe

Instructions:

Note: this patch replaces WindowsXP-KB893066-x86-ENU

If you have: Microsoft Windows XP Professional SP1 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 DE

Download:
http://download.microsoft.com/download/9/b/2/9b2b999b-4883-4eeb-a761-a2341c6be8b4/WindowsXP-KB893066-v2-x86-DEU.exe

If you have: Microsoft Windows XP Professional SP1 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 ES

Download:
http://download.microsoft.com/download/a/6/b/a6b7dc93-6364-4515-b3b2-584fa535135b/WindowsXP-KB893066-v2-x86-ESN.exe

If you have: Microsoft Windows XP Professional SP1 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 FR

Download:
http://download.microsoft.com/download/7/1/8/7181e587-93f6-4692-8147-e3c53b689ed7/WindowsXP-KB893066-v2-x86-FRA.exe


-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: WindowsServer2003-KB917953-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 FR

Download:
http://download.microsoft.com/download/e/a/0/ea0353b8-898b-4b1e-a1eb-4483df86b2e3/WindowsServer2003-KB917953-x86-FRA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 IT

Download:
http://download.microsoft.com/download/9/6/3/963be8bc-1189-4aaa-a2b9-daae07b9b74a/WindowsServer2003-KB917953-x86-ITA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 EN

Download:
http://download.microsoft.com/download/4/a/c/4acfbb76-d3a0-4094-b92e-41ff2bc57fa0/WindowsServer2003-KB917953-x86-ENU.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 DE

Download:
http://download.microsoft.com/download/b/e/e/bee164b1-1035-40fc-81d4-bead8282f796/WindowsServer2003-KB917953-x86-DEU.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 ES

Download:
http://download.microsoft.com/download/7/1/a/71a5a261-8c37-4030-92f8-926e399cdd2e/WindowsServer2003-KB917953-x86-ESN.exe


-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT

Upgrade to Windows Server 2003 SP1 from the vendor. http://support.microsoft.com/kb/889100

-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: WindowsServer2003-KB893066-v2-x86

Install WindowsServer2003-KB893066-v2-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 ES

Download:
http://download.microsoft.com/download/7/c/1/7c1cc999-9d3b-4455-bda9-376f573312a5/WindowsServer2003-KB893066-v2-x86-esn.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 DE

Download:
http://download.microsoft.com/download/0/7/0/0701c2b4-d914-406f-a17d-60f8adbe5e0f/WindowsServer2003-KB893066-v2-x86-deu.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 FR

Download:
http://download.microsoft.com/download/9/b/5/9b5a2fc4-d410-4977-8e30-389d51dedb1e/WindowsServer2003-KB893066-v2-x86-fra.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 EN

Download:
http://download.microsoft.com/download/3/9/c/39c7db36-2f55-4fd7-bd4c-ebbb58a2a21d/WindowsServer2003-KB893066-v2-x86-enu.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 IT

Download:
http://download.microsoft.com/download/e/e/4/ee471e08-71c9-4458-97f4-f5a424ae8794/WindowsServer2003-KB893066-v2-x86-ita.exe

Back to top

Affected Technologies

Microsoft: Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 IT
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 IT
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 DE
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 EN
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 ES
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 FR
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 IT
Microsoft: Microsoft Windows XP Professional SP2 x86 32 DE
Microsoft: Microsoft Windows XP Professional SP2 x86 32 EN
Microsoft: Microsoft Windows XP Professional SP2 x86 32 ES
Microsoft: Microsoft Windows XP Professional SP2 x86 32 FR
Microsoft: Microsoft Windows XP Professional SP2 x86 32 IT

Back to top

References

Microsoft: MS05-019
Mitre CVE: CAN-2005-0559
Mitre CVE: CAN-2005-0688

Back to top

CA Global Security Advisor

Current threat condition: Low
Low
Documents and Tools
Find Threats
Viruses Spyware
Vulnerabilities All
 
 
Page Tools
ShareShare