DOCUMENT:Q238329
TITLE   :Malformed IGMP Packets May Promote "Denial of Service" Attack
PRODUCT :Windows NT
PROD/VER:4.0
OPER/SYS:WINDOWS NT

-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Workstation version 4.0
 - Microsoft Windows NT Server version 4.0
 - Microsoft Windows NT Server, Enterprise Edition version 4.0
 - Microsoft BackOffice Small Business Server version 4.0
 - Microsoft BackOffice Server version 4.0
 - Microsoft Windows NT Server version 4.0, Terminal Server Edition
 - Microsoft Windows 95
 - Microsoft Windows 95 OEM Service Release versions 1, 2, 2.1, 2.5
 - Microsoft Windows 98
 - Microsoft Windows 98 Second Edition
-------------------------------------------------------------------------------

SYMPTOMS
========

When a computer running Windows 98 receives a fragmented Internet Group
Management Protocol (IGMP) packet, the computer's performance may degrade or
the computer may stop responding (hang) and require a reboot to restore
functionality. Computers running Windows NT 4.0 are also affected by this
issue, but other system components prevent any performance degradation.

CAUSE
=====

A fragmented IGMP packet may cause the TCP/IP stack to improperly gain access
to invalid segments of the computer's memory.

RESOLUTION
==========

Windows NT
----------

Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server,
Enterprise Edition:

A supported fix that corrects this problem is now available from Microsoft,
but it has not been fully regression tested and should be applied only to
systems experiencing this specific problem. If you are not severely affected
by this specific problem, Microsoft recommends that you wait for the next
Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support
Services to obtain the fix.
For a complete list of Microsoft Product Support Services phone numbers and
information on support costs, please go to the following address on the World
Wide Web:

   http://www.microsoft.com/support/supportnet/overview/overview.asp

The English-language version of this fix should have the following file
attributes or later:

   Date      Time    Size     File name  Platform
   --------------------------------------------------
   08/14/99  03:54p  150,800  Tcpip.sys  x86
   08/14/99  03:53p  274,032  Tcpip.sys  Alpha

This hotfix has been posted to the following Internet location as
Igmpfixi.exe and Igmpfixa.exe:

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/IGMP-fix/

Terminal Server
---------------

Windows NT Server 4.0, Terminal Server Edition:

A supported fix that corrects this problem is now available from Microsoft,
but it has not been fully regression tested and should be applied only to
systems experiencing this specific problem. If you are not severely affected
by this specific problem, Microsoft recommends that you wait for the next
Windows NT 4.0, Terminal Server Edition, service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support
Services to obtain the fix.
For a complete list of Microsoft Product Support Services phone numbers and
information on support costs, please go to the following address on the World
Wide Web:

   http://www.microsoft.com/support/supportnet/overview/overview.asp

The English-language version of this fix should have the following file
attributes or later:

   Date      Time    Size     File name  Platform
   --------------------------------------------------
   09/01/99  03:28p  147,920  Tcpip.sys  x86
   09/01/99  03:34p  269,648  Tcpip.sys  Alpha

This hotfix has been posted to the following Internet location as Igmpfixi
and Igmpfixa.exe:

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP4/IGMP-fix/

Windows 95/98
-------------

The English-language version of this fix should have the following file
attributes or later:

   Date      Time    Size    File name  Version    Platform
   ----------------------------------------------------------------
   08/12/99  05:20p  75,769  Vip.386    4.10.1999  Windows 98
   08/03/99  02:50p  80,409  Vip.386    4.10.2223  Windows 98 Second Edition

This hotfix has been posted to the following Internet location as
3304up98.exe (Windows 98) and 3304upse.exe (Windows 98 Second Edition):

   http://www.microsoft.com/windows98/downloads/corporate.asp

STATUS
======

Microsoft has confirmed this to be a problem in the Microsoft products listed
at the beginning of this article.

MORE INFORMATION
================

For more information about this vulnerability, see the following Microsoft
Web site:

   http://www.microsoft.com/security/bulletins/ms99-034faq.asp
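
The trigger named under CAUSE is a fragmented IGMP packet, which a network sensor can recognise from the IPv4 header alone (protocol 2 with the "more fragments" bit set or a non-zero fragment offset). The following is an added example of that check, not code from Microsoft or from this article; the names classify_ipv4 and SAMPLES are hypothetical and the sample packets are constructed.

```python
import struct

IPPROTO_IGMP = 2          # IANA protocol number for IGMP
MF_FLAG = 0x2000          # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF      # 13-bit fragment offset, in 8-byte units


def classify_ipv4(packet: bytes) -> str:
    """Return 'fragmented-igmp', 'igmp', 'other' or 'malformed' for a raw IPv4 packet."""
    if len(packet) < 20:
        return "malformed"
    ver_ihl, _tos, total_len, _ident, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < ihl:
        return "malformed"
    if proto != IPPROTO_IGMP:
        return "other"
    # A fragment is any datagram with MF set or a non-zero offset;
    # the "don't fragment" bit (0x4000) alone does not make one.
    if flags_off & MF_FLAG or flags_off & OFFSET_MASK:
        return "fragmented-igmp"
    return "igmp"


def _header(proto: int, flags_off: int, payload: bytes = b"\x00" * 8) -> bytes:
    """Build a constructed IPv4 header plus payload for the samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_off,
                       1, proto, 0, bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1])) + payload


# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "whole IGMP": _header(2, 0x0000),
    "IGMP first fragment": _header(2, MF_FLAG),
    "IGMP later fragment": _header(2, 0x0001),
    "fragmented UDP": _header(17, MF_FLAG),
    "truncated": b"\x45\x00",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {classify_ipv4(pkt)}")
```

IGMP version 1 and 2 messages are 8 bytes long, so a 'fragmented-igmp' result is worth logging or dropping at the perimeter for hosts that have not yet received the fixes listed above.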