
Flaws expose Windows Server 2003

Sleeper on 01 July 2003 - 15:05

Windows Server 2003 shipped in April with drivers afflicted by the Etherleak bug, first identified in January

Several third-party device drivers that ship with Windows Server 2003 contain a vulnerability that causes them to leak potentially sensitive data during TCP transmissions.

Security experts have criticised many of the vendors for failing to act quickly enough to guide users to fixes, and said the flaw could lead to attacks through local area networks (LANs).

The so-called Etherleak flaw, first highlighted in January, occurs when messages transmitted between two machines are padded with arbitrary data in order to bring their byte size in line with the accepted standard. When Ethernet frames do not meet the minimum size requirement specified by the standard, the device drivers pad the frames with data pulled from previously used buffers. This means that whatever information was in that buffer is then sent as part of the new transmission.
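The padding behaviour described above, as an added example in C (not code from the article or from any vendor's driver): a reused transmit buffer is padded once without clearing it and once with explicit zeroing. The buffer, function names and sample payload are hypothetical; the 60-byte figure is the Ethernet minimum frame length without the frame check sequence.

```c
#include <stdio.h>
#include <string.h>

#define ETH_MIN_FRAME 60    /* minimum Ethernet frame length, excluding the 4-byte FCS */
#define TX_BUF_SIZE   1514

static unsigned char tx_buf[TX_BUF_SIZE];  /* reused transmit buffer (hypothetical) */

/* Flawed pattern: the length is rounded up to the minimum, but bytes
 * len..59 are never written and still hold the previous frame's data. */
size_t build_frame_leaky(const unsigned char *data, size_t len)
{
    if (len > TX_BUF_SIZE) return 0;
    memcpy(tx_buf, data, len);
    return len < ETH_MIN_FRAME ? ETH_MIN_FRAME : len;
}

/* Corrected pattern: zero the padding explicitly before the frame is sent. */
size_t build_frame_zeroed(const unsigned char *data, size_t len)
{
    if (len > TX_BUF_SIZE) return 0;
    memcpy(tx_buf, data, len);
    if (len >= ETH_MIN_FRAME) return len;
    memset(tx_buf + len, 0, ETH_MIN_FRAME - len);
    return ETH_MIN_FRAME;
}

/* Send a long frame, then a 4-byte one through the same buffer, and count
 * the non-zero bytes that end up in the short frame's padding. */
size_t stale_bytes_after_short_frame(size_t (*build)(const unsigned char *, size_t))
{
    /* Constructed sample data standing in for an earlier, unrelated frame. */
    static const unsigned char prev[] =
        "CONSTRUCTED-SAMPLE-PREVIOUS-FRAME-PAYLOAD-0123456789-0123456789-ABCDEF";
    static const unsigned char small[] = "ping";
    size_t payload = sizeof small - 1, stale = 0;

    build(prev, sizeof prev - 1);
    size_t frame_len = build(small, payload);
    for (size_t i = payload; i < frame_len; i++)
        if (tx_buf[i] != 0) stale++;
    return stale;
}

int main(void)
{
    printf("leaky driver:  %zu stale padding bytes\n",
           stale_bytes_after_short_frame(build_frame_leaky));
    printf("zeroed driver: %zu stale padding bytes\n",
           stale_bytes_after_short_frame(build_frame_zeroed));
    return 0;
}
```

The same padding check, applied to short frames in a packet capture, is a quick way to tell whether a given driver still sends uncleared padding.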

News source: vnunet.com

Comments
(1 reply) #1 on 01 Jan 1970 - 00:00
#1.1 creamhackered on 01 Jul 2003 - 15:22
He's been here for as long as I can remember but has been off for a while. Thanks for welcoming him back so nicely.
#2 vettimdorr on 01 Jul 2003 - 16:21
wtf, why not pad the extra data with 0's?
