Windows OOB Bug, also known as WinNuke
Problem: This bug is a security hole in Windows that allows a
malicious user to crash Windows 3.11, Windows 95, and Windows NT machines that are
connected to a network (i.e. the Internet).
Cause: A program called WinNuke was written that sends OOB (Out Of
Band) data to an IP address of a Windows machine connected to the network. The most common
port of attack is port 139, used by NetBIOS, but other ports are
vulnerable if they are "listening." When a Windows machine receives the OOB
data, it is unable to handle the data and can exhibit behavior ranging from a lost
Internet connection to the infamous blue screen of death. This bug has not been shown to
cause any significant damage to systems, and a simple reboot is the preferred remedy.
Solution: There are different solution for different versions of Windows:
Windows 95: Download and install the MS DUN 1.3 Upgrade, then reboot your machine.
Windows 98: The fix is incorporated.
Windows NT: Always make sure you have the most current Service Pack for Windows NT installed.
Or download and install the Teardrop2 Patch (Note: this patch incorporates the ICMP, OOB, Simptcp and Land attack Windows NT Hot Fixes).
Windows 95 and NT: A company called SemiSoft Solutions out of New
Zealand has made available a small program (24 KB) called AntiNuke,
which can protect you from some port 139 attacks without the need for any patches. It can
monitor multiple network adapters, and will inform you of the IP addres of anyone who
tries to launch this attack against you.
References:
Microsoft TechNet, Article Q168747
Windows Operating System Bugs.
|