Microsoft KB Archive/893066

= MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service =

Article ID: 893066

Article Last Modified on 7/6/2006

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows XP for Itanium-based Systems Version 2003
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Service Pack 1a
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Media Center Edition 2005
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Service Pack 1a
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Tablet PC Edition 2005
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition

-





Technical Update

 * June 14, 2005: Security update MS05-019 was re-released.
 * June 14, 2005: Updated the &quot;Known issues&quot; section.
 * August 17, 2005: Updated the &quot;Known issues&quot; section.



SUMMARY
Microsoft has released security bulletin MS05-019. The security bulletin contains all the relevant information about the security update. The information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:  Home users:

http://www.microsoft.com/athome/security/update/bulletins/default.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx





Known issues
 For more information, click the following article number to view the article in the Microsoft Knowledge Base:

901159 Some Internet Security Systems products stop running after you install the revised MS05-019 security update or after you install the Update Rollup 1 for Windows 2000 SP4 on a Windows 2000-based computer

 After you install the updated version of security update MS05-019 on a Windows 2000-based computer, you may notice that there is no Remove button for the KB893066 entry in the Add or Remove Programs (ARP) tool in Control Panel. Security update MS05-019 modifies the way that the affected operating systems validate the ICMP requests. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

900926 Recommended TCP/IP settings for WAN links with a MTU size of less than 576

</li> In Windows XP Service Pack 2, the Add or Remove Programs tool in Control Panel lists software updates. Add or Remove Programs lists software updates under the name of the product that they update. In Windows XP Service Pack 2, Add or Remove Programs will list this update under Windows XP – Software Updates. In Windows XP Service Pack 2, Add or Remove Programs will not show &quot;Installed On&quot; for this software update. Therefore, this software update does not show up in the order of installation. Instead, this software update shows at the top of the Windows XP – Software Updates list.</li> After you install this security update, you may notice network performance degradation. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

890345 Security update 893066 returns the default size of the TCP receive window in Windows 2000 to the pre-Service Pack 3 default size of 17,520 bytes

</li> This security update supports a new registry key that is named MaxIcmpHostRoutes. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

896350 Security update 893066 introduces the MaxIcmpHostRoutes registry entry

</li> On computers that are running Microsoft Windows XP with Service Pack 1 (SP1), networking programs and tools that send manually crafted Transmission Control Protocol (TCP) packets over raw Internet Protocol (IP) sockets may stop working. This behavior may also affect programs and tools that send User Datagram Protocol (UDP) packets. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

897656 Networking programs that send TCP packets or UDP packets over raw IP sockets may stop working after you apply security update MS05-019 to a computer that is running Windows XP with Service Pack 1

</li> Network connectivity between clients and servers may not work after you install security update MS05-019. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

898060 Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail

</li> For more information, click the following article number to view the article in the Microsoft Knowledge Base:

898542 Windows Server 2003 systems using IPsec tunnel-mode functionality may experience problems after you install the original version of 893066

</li></ul>

Additional query words: update security_patch security_update bug flaw vulnerability malicious attacker exploit registry unauthenticated specially-formed scope specially-crafted remote code execution rce denial of service DoS tcpip.sys

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbwinserv2003sp1fix kbwin2000presp5fix kbwinserv2003presp1fix kbwinxppresp3fix kbhotfixserver KB893066

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.