search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp

Vulnerability Note VU#693099

Original Release Date: 2002-09-16 | Last Revised: 2003-04-15


The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port.


Microsoft LAN Manager (LANMAN) is enabled by default on systems running Microsoft Windows 2000. LANMAN listens to TCP port 445 and allocates kernel resources to handle requests on this port.

When LANMAN receives malformed packets, the system allocates kernel memory to handling these packets. When memory use approaches 100%, Windows and other applications may begin to behave erratically or fail. Symptoms may include: chronically incomplete drawing of windows; on-screen error boxes indicating that the sound driver could not be loaded, when a system sound would normally be played; IIS failure to execute ASP pages; and error messages such as "You do not have permissions to..." when attempting routine tasks such as restarting the system.

According to testing performed at KPMG Denmark, a system attacked by exploitation of the vulnerability may not be able to recover on its own, once memory is sufficiently consumed to inhibit normal operation.


The complete impact of this vulnerability is not yet known. Consumption of memory will make applications fail in various ways and disrupt services provided by the system.


Apply a patch

Upgrade to Windows 2000 Service Pack 3.

Vendor Information


Microsoft Corporation Affected

Updated:  August 10, 2002



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Peter Gründl for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: CVE-2002-0597
Severity Metric: 5.49
Date Public: 2002-04-17
Date First Published: 2002-09-16
Date Last Updated: 2003-04-15 19:32 UTC
Document Revision: 8

Sponsored by CISA.