Check or Attack Name: oob_crash

The machine is vulnerable to the Out of Band (OOB) attack. Sending out of band data to port 139 will cause Windows NT to stop and Windows 95 to lose networking and possibly crash. Other systems have also been shown to be vulnerable to this attack.

Apply the latest Windows NT 4.0 Service Pack or Windows NT 4.0 Service Pack 3 (SP3) users must apply the teardrop2 patch.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

1. Open a web browser.
2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
3. Find the installation program you downloaded to your computer.
4. Double-click the program icon to start the installation.
5. Follow the installation directions.

Windows NT 4.0 SP3 users must apply the teardrop2 patch:

1. Open a web browser.
2. Go to 'ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/.
3. View the README.TXT for patch version and execution.
4. Download the appropriate patch for your computer.
5. Locate the file you just downloaded on your computer.
6. Follow the installation directions to install the patch.

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, http://support.microsoft.com/support/kb/articles/q179/1/29.asp

CIAC Information Bulletin H-57, Windows NT/95 Out of Band Data Exploit, http://ciac.llnl.gov/ciac/bulletins/h-57.shtml

SCO Security Bulletin 98:01, IP-based Denial of Service Attacks, ftp://ftp.sco.com/SSE/security_bulletins/SB.98:01a

Microsoft Knowledge Base Article Q179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/Q179129.txt