diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Sep122009

Windows XP SP2, SP3, XP 64 Edition SP2, and Windows 2000 Server ‘not affected’ with MS09-048 vulnerabilities

Sep 2009 security bulletin’s major concerns was about MS09-048; now updated to call out Windows XP, as its not affected by any Denial-of-Service, Remote Code Execution vulnerabilities. Because, XP SP2 / SP3, and XP Pro x64 Edition SP2 don’t have a listening service configured in client firewall and therefore not affected. Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network. The impact of a DoS attack’s that a system would become unresponsive due to memory consumption. However, a successful attack requires a sustained flood of specially crafted TCP packets, and the system’ll recover once the flood ceases. XP is not affected by CVE-2009-1925. Customers running Windows XP are at reduced risk, and Microsoft recommends they use built-in firewall, or a network firewall, to block access to affected ports and limit the attack surface from untrusted networks. Windows 2000 scenario is very similar to XP in that an attack requires a sustained flood of specially crafted TCP packets and the system’ll recover once the flood stops. Keeping Windows 2000 servers behind a NAT or reverse proxy can help to reduce risk.

Source:→ MSRC blog

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...