KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q238329: Malformed IGMP Packets May Promote "Denial of Service" Attack

Article: Q238329
Product(s): Windows for Workgroups and Windows NT Networking Issues
Version(s): 3.0,4.0
Operating System(s): 
Keyword(s): kbnetwork osr2 win95 win98 win98se
Last Modified: 08-MAY-2002

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Workstation version 4.0 
- Microsoft Windows NT Server version 4.0 
- Microsoft Windows NT Server, Enterprise Edition version 4.0 
- Microsoft Windows NT Server version 4.0, Terminal Server Edition 
- Microsoft Windows 95 
- Microsoft Windows 98 
- Microsoft Windows 98 Second Edition 
- Microsoft Windows CE Platform Builder, version 3.0 
-------------------------------------------------------------------------------

SYMPTOMS
========

When a computer running Windows 95 or Windows 98 receives a fragmented Internet
Group Management Protocol (IGMP) packet, the computer's performance may degrade
or the computer may stop responding (hang) and require a reboot to restore
functionality.
Computers running Windows NT 4.0 are also affected by this issue, but other
system components prevent any performance degradation.

CAUSE
=====

A fragmented IGMP packet may cause the TCP/IP stack to improperly gain access to
invalid segments of the computer's memory.

RESOLUTION
==========

This patch is now available on the Windows Update Web site.

NOTE: If Dial-Up Networking Update version 1.3 for Windows 95 is not installed,
you will not be able to view this fix.

Windows NT
----------

Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server, Enterprise
Edition: A supported fix is now available from Microsoft, but it is only
intended to correct the problem described in this article and should be applied
only to systems experiencing this specific problem. This fix may receive
additional testing at a later time, to further ensure product quality.
Therefore, if you are not severely affected by this problem, Microsoft
recommends that you wait for the next Windows NT 4.0 service pack that contains
this fix.

To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix. For a complete list of Microsoft Product Support Services
phone numbers and information about support costs, please go to the following
address on the World Wide Web:

  http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are normally incurred for support calls may
be canceled, if a Microsoft Support Professional determines that a specific
update will resolve your problem. Normal support costs will apply to additional
support questions and issues that do not qualify for the specific update in
question.

The English-language version of this fix should have the following file
attributes or later:

  Date       Time     Size      File name   Platform
  --------------------------------------------------
  08/14/99   03:54p   150,800   Tcpip.sys   x86
  08/14/99   03:53p   274,032   Tcpip.sys   Alpha

This hotfix has been posted to the following Internet location as Igmpfixi.exe
and Igmpfixa.exe.exe:

  ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/IGMP-fix/



Terminal Server
---------------

Windows NT Server 4.0, Terminal Server Edition:

A supported fix is now available from Microsoft, but it is only intended to
correct the problem described in this article and should be applied only to
systems experiencing this specific problem. This fix may receive additional
testing at a later time, to further ensure product quality. Therefore, if you
are not severely affected by this problem, Microsoft recommends that you wait
for the next Windows NT 4.0, Terminal Server Edition, service pack that contains
this fix.

To resolve this problem immediately, contact Microsoft Product Support Services
to obtain the fix. For a complete list of Microsoft Product Support Services
phone numbers and information about support costs, please go to the following
address on the World Wide Web:

  http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are normally incurred for support calls may
be canceled, if a Microsoft Support Professional determines that a specific
update will resolve your problem. Normal support costs will apply to additional
support questions and issues that do not qualify for the specific update in
question.

The English-language version of this fix should have the following file
attributes or later:

  Date       Time     Size      File name   Platform
  --------------------------------------------------
  09/01/99   03:28p   147,920   Tcpip.sys   x86
  09/01/99   03:34p   269,648   Tcpip.sys   Alpha

This hotfix has been posted to the following Internet location as Igmpfixi and
Igmpfixa.exe:

  ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP4/IGMP-fix/



Windows 98
----------

The English-language version of this fix should have the following file
attributes or later:

  Date       Time      Size       File name  Version    Platform
  ----------------------------------------------------------------
  08/12/99   05:20p    75,769     Vip.386    4.10.1999  Windows 98
  08/03/99   02:50p    80,409     Vip.386    4.10.2223  Windows 98
                                                        Second Edition

This hotfix has been posted to the following Internet location as 3304up98.exe
(Windows 98) and 3304upse.exe (Windows 98 Second Edition):

  http://www.microsoft.com/windows98/downloads/corporate.asp

Windows CE Platform Builder
---------------------------

A supported fix is now available from Microsoft as Windows CE 3.0 Core OS QFE 72.
To resolve this problem immediately, access the Microsoft.com Download Center at
the following Web site:

  http://www.microsoft.com/downloads/search.asp?

After you connect to this Web page, click All Products for the product name.
Click Windows CE for the operating system. Click All Downloads for Show Results
For, and then click Date for Sort By. Click Find It to show a list of all
released QFEs for the products.

The English version of this package should have the following file attributes or
later:

  Size        File name
  --------------------------
  7,010,648   Wce30qfe72.exe

The English version of this fix should contain the following files, with the
listed file attributes or later:

  Date      Time   Size     File Name  Platform
  ----------------------------------------------------
  28/08/01  16:57  752,398  Ip.lib     ARM720 (Debug)
  28/08/01  16:52  602,798  Ip.lib     ARM720 (Retail)
  28/08/01  17:07  751,138  Ip.lib     SA1100 (Debug)
  28/08/01  17:02  601,594  Ip.lib     SA1100 (Retail)
  28/08/01  15:58  853,168  Ip.lib     R3000  (Debug)
  28/08/01  15:53  723,524  Ip.lib     R3000  (Retail)
  28/08/01  16:09  853,744  Ip.lib     R4100  (Debug)
  28/08/01  16:04  722,718  Ip.lib     R4100  (Retail)
  28/08/01  16:18  853,744  Ip.lib     R4111  (Debug)
  28/08/01  16:14  660,436  Ip.lib     R4111  (Retail)
  28/08/01  16:28  853,168  Ip.lib     R4300  (Debug)
  28/08/01  16:24  722,788  Ip.lib     R4300  (Retail)
  28/08/01  16:38  834,326  Ip.lib     PPC403 (Debug)
  28/08/01  16:33  637,792  Ip.lib     PPC403 (Retail)
  28/08/01  16:48  834,326  Ip.lib     PPC821 (Debug)
  28/08/01  16:43  637,792  Ip.lib     PPC821 (Retail)
  28/08/01  15:37  767,984  Ip.lib     SH3    (Debug)
  28/08/01  15:32  643,336  Ip.lib     SH3    (Retail)
  28/08/01  15:48  767,752  Ip.lib     SH4    (Debug)
  28/08/01  15:43  643,118  Ip.lib     SH4    (Retail)
  28/08/01  17:17  756,116  Ip.lib     ARM720 (Debug)
  28/08/01  17:12  632,204  Ip.lib     ARM720 (Retail)
  28/08/01  15:28  689,554  Ip.lib     i486   (Debug)
  28/08/01  15:23  532,528  Ip.lib     i486   (Retail)

Windows 95
----------

The English-language version of this fix should have the following file
attributes or later:

  Date       Time     Size      File name   Version     Platform
  ----------------------------------------------------------------
  08/14/99   04:12p   75,873    Vip.386     4.10.1657   Windows 95
                                                        (all versions)

This hotfix has been posted to the following Internet location as 3304up95.exe
(Windows 95, all versions):

  http://www.microsoft.com/windows95/downloads/

NOTE: For Windows 95, this update requires the Dial-Up Networking 1.3 Performance
and Security Update. To download the Dial-Up Networking 1.3 Performance and
Security Update (Msdun13.exe), please go to the following Microsoft Web site:

  http://www.microsoft.com/windows95/downloads/contents/WURecommended/S_WUNetworking/dun13win95/Default.asp

STATUS
======

Microsoft has confirmed this to be a problem in the Microsoft products that are
listed at the beginning of this article.

MORE INFORMATION
================

For more information about this vulnerability, see the following Microsoft Web
site:

  http://www.microsoft.com/security/bulletins/ms99-034faq.asp

For additional information about Windows 95 hotfixes, click the article number
below to view the article in the Microsoft Knowledge Base:

  Q161020 Implementing Windows 95 Updates

For additional information about Windows 98 and Windows 98 Second Edition
hotfixes, click the article number below to view the article in the Microsoft
Knowledge Base:

  Q206071 General Information on Windows 98 and SE Hotfixes


Additional query words: MS99-034

======================================================================
Keywords          : kbnetwork osr2 win95 win98 win98se 
Technology        : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT400search kbWinNTSsearch kbWinNTSEntSearch kbWinNTSEnt400 kbWinNTS400search kbWinNTS400 kbNTTermServ400 kbNTTermServSearch kbAudDeveloper kbWin95search kbWin98search kbWin98SEsearch kbSDKSearch kbWinCESDKSearch kbWinCESearch kbZNotKeyword3 kbWinCESDK300 kbWin98 kbWin98SE
Version           : :3.0,4.0
Hardware          : ALPHA x86
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.