Affects: Windows 3.11, Windows 95 (including OSR2), Windows NT 3.51, and Windows NT 4.0

Description of Bug:

This bug is a security hole in Windows that allows a malicious user to crash Windows 3.11, Windows 95, and Windows NT machines that are connected to a network. The attack occurs most commonly over the Internet.

A program was written (called WinNuke) that sends OOB (Out Of Band) data to an IP address of a Windows machine connected to the network. The most common port of attack is NetBIOS (port 139), but other ports are vulnerable if they are "listening." WinNuke, the theory behind it, and then spin-off applications for multiple platforms were circulated around the Internet, causing malicious users to exploit this hole to crash remote Windows systems from a number of platforms, including Mac and many flavors of UNIX.

When a Windows machine receives the OOB data, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous blue screen of death. This bug has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. However, though non-destructive, this bug could cause possible problems if you have unsaved data in an open application when you are attacked, causing you to lose the data.

 

Available Fix(es):

Windows 95 and NT Users: This attack can be prevented by following the procedures on the WinFiles.com Attack-Proofing Procedures page.

Windows 95 and NT Users: A company called SemiSoft Solutions out of New Zealand has made available a small program (24 KB) called AntiNuke, which can protect you from some port 139 attacks without the need for any patches. It can monitor multiple network adapters, and will inform you of the IP addres of anyone who tries to launch this attack against you. You can download it by clicking here.

Additional Info: http://support.microsoft.com/support/kb/articles/q168/7/47.asp

CertifyEasily

Microsoft and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with CertifyEasily. The products referenced in this site are provided by parties other than CertifyEasily. CertifyEasily makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.