vendor:
Windows
by:
SecurityFocus
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Windows
Affected Version From: Windows 2000
Affected Version To: Windows Server 2003
Patch Exists: Yes
Related CWE: CVE-2005-1217
CPE: o:microsoft:windows
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000, Windows XP, Windows Server 2003
2005
Microsoft Windows MSDTC Denial of Service Vulnerability
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a denial of service vulnerability. The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This vulnerability may be exploited by a remote attacker to deny the availability of services that depend on MSDTC. This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.
Mitigation:
Microsoft has released a patch to address this issue. Additionally, users should ensure that the TIP protocol is disabled on Windows XP and Windows Server 2003.
