Syncstorm patch missing

Risk Level: Medium risk vulnerability  Medium

Check or Attack Name: syncstorm patch
Platforms: Windows NT
Description:

This machine was found to be vulnerable to a Sync Storm denial-of-service attack due to an unpatched TCPIP.SYS file.

Remedy:

Apply the latest Windows NT 4.0 Service Pack or Windows NT 4.0 Service Pack 3 (SP3) users must apply the teardrop2 patch.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

To apply teardrop2, follow these steps:

  1. From the Windows NT Start menu, select Run.
  2. Type 'ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/ and press Enter.
  3. View the README.TXT for patch version and execution.

For more information about teardrop2, see Microsoft Knowledge Base Article Q179129 available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/Q179129.txt.
References:

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, http://support.microsoft.com/support/kb/articles/q179/1/29.asp

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/Q179129.txt

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/Q179129.txt

Microsoft Knowledge Base Article Q142641, Internet Server Unavailable Because of Malicious SYN Attacks, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP1/syn-attack/q142641.txt

Microsoft Knowledge Base Article Q142641, Internet Server Unavailable Because of Malicious SYN Attacks, http://support.microsoft.com/support/kb/articles/q142/6/41.asp

CERT Advisory CA-96.21, TCP SYN Flooding and IP Spoofing Attacks, http://www.cert.org/ftp/cert_advisories/CA-96.21.tcp_syn_flooding

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, http://support.microsoft.com/support/kb/articles/q179/1/29.asp
X-Force Logo
Know Your Risks