General 8066 Published by

Microsoft Security Bulletin MS00-027 announces the availability of a patch that eliminates a vulnerability in Microsoft:registered: Windows NT:registered: 4.0 and Windows:registered: 2000.

What´s the scope of the vulnerability?

This is a denial of service vulnerability. If a Windows NT 4.0 or Windows 2000 server provides scripts for its customers use, it could be possible for a malicious user to use this vulnerability to consume memory on the server, thereby slowing its response or preventing it from providing useful service altogether. The most commonly affected servers would be web servers that are remotely administered in a so-called "headless" configuration.

This vulnerability could not be used to compromise data, run arbitrary code on the server, or to usurp administrative control of it. It would only be exposed under very specific conditions that are not present on all servers. Moreover, coding practices in batch and script files can prevent this vulnerability from manifesting itself on an otherwise-affected server.

Read more