Microsoft Puts Out Alert On New TCP/IP Flaw In Windows

"We do not consider this to be a significant threat to the security of the Internet," a Microsoft spokesperson said Thursday when queried about the advisory.

The new vulnerability in Windows' TCP/IP implementation could allow an attacker to reset existing TCP connections on a PC, essentially taking it offline in a denial-of-serve (DoS) fashion. The attacker could not exploit this vulnerability to execute additional code or gain access to the PC, however.

Because the new vulnerability is very similar to already-patched TCP reset problems, Microsoft said that users who had deployed Windows XP SP2 or Windows Server 2003 SP1, or who had applied April's MS05-019 patch, were safe.

The vulnerability affects Windows XP and Windows XP SP1, Windows 2000, and Windows Server 2003, said Microsoft, but "we have not been made aware of any attacks attempting to use the vulnerability," the Microsoft spokesperson said.

"We continue to urge customers to install MS05-019," she added.

That bulletin, however, has problems of its own. Microsoft has acknowledged that the bulletin's patches have caused major connectivity troubles for IT staffs. The problems range from Exchange servers failing to communicate with their domain controllers to an inability of clients to connect to terminal servers or access file shares.

Microsoft has posted a Knowledgebase article on its technical support site that details the problems in MS05-019. Among the solutions, said Microsoft in that article, are to request an available hot fix from the Redmond, Wash.-based developer, or reset the MTU value.

M05-019 will, in fact, be replaced by an updated bulletin and patches in June, Microsoft has confirmed.

Another way to deflect potential attacks using the new-found TCP/IP vulnerability is to disable the TCP Timestamp Option; instructions are available on the Windows 2000 support site.

Microsoft's Security Advisories debuted Tuesday, May 10. The company considers it a pilot program to give customers additional security information and recommendations that either don't meet the criteria it sets for monthly patches, or that is important enough to disclose immediately.