Denial-of-Service Vulnerability in TCP Affects Windows

Microsoft on Wednesday issued a security advisory to warn Windows users of a new denial-of-service vulnerability affecting TCP/IP.

The warning comes as part of a new pilot program, which Microsoft is using to acknowledge new security problems, provide workarounds and report progress in fixing flaws.

The TCP flaw allows a remote attacker to set arbitrary timer values for a TCP connection, creating a denial-of-service condition until TCP connections are re-established.

"We do not consider this to be a significant threat to the security of the Internet," Microsoft stated in the advisory. First among mitigating factors is that the flaw can only be used to create a denial of service; privilege elevation and code execution are not possible, according to Microsoft.

The flaw does not affect Windows 98/98 SE/ME. Changes made in Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and the MS05-019 security update eliminated the vulnerability.

Complicating the choice to apply MS05-019 are Microsoft's plans to rerelease the update in June to fix network connectivity problems that it introduced in certain network configurations. Those connectivity problems are not related to the new TCP/IP flaws or to the critical remote code execution flaw that the April bulletin was issued to patch.

For more information on the TCP security advisory and the MS05-019 rerelease, see Microsoft Security Advisory (899480).

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
