Microsoft and Cisco released a fix for the Sockstress TCP DoS

Vulnerability Cisco+MicrosoftMicrosoft and Cisco have released a number of updates designed to protect customers from a new types of attack that do not require a big bandwidth access and can cause a denial-of-service condition on routers and servers.

The same bug that was discovered last year on October, in which researchers Jack C. Louis and Robert E. Lee demonstrated how it is possible to route traffic from victim’s machine making the remote system unavailable.

Microsoft has made advisory bulletin (MS09-048) available yesterday which covers a wide range of Operating system network vulnerabilities and in this update it introduces a new measure of protection named memory pressure protection, this can helps to automatically resets the TCP connection and SYN requests in case of attack.

The Tuesday update includes fixing for eight vulnerabilities in JavaScript Scripting Engine, Windows Media Format and Wireless software…, here you can find more details.

On the other hand Cisco also released a security advisory for the TCP DoS attack, warning costumers that products (Cisco IOS Software, Cisco IOS-XE Software, Cisco CatOS Software, Cisco Adaptive Security Appliance and Cisco PIX, Cisco NX-OS Software) are affected by this vulnerability.

So it is time to review the security advisories and implement the suggested workarounds list to help mitigate the risks.

make sure you subscribe to my RSS feed!