Microsoft downplays Windows flaw severity

Software giant is alerted by a French security company about a Windows flaw--but says it already fixed the issue.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

May 19, 2005 6:52 a.m. PT

Microsoft on Wednesday issued one of its first Microsoft Security Advisories, responding to reports of a flaw in Windows that could allow denial-of-service attacks.

In the advisory, Microsoft says that the problem was fixed with a patch it released in April and that systems running Windows XP with Service Pack 2 (SP2) and that Windows Server with SP1 are not vulnerable.

The Microsoft Security Advisory is part of a pilot program that Microsoft announced earlier this month. The advisory service is meant to confirm reports of flaws and provide information on how users can protect themselves, either by pointing to patches or providing a work-around.

In Wednesday's advisory, Microsoft responds to reports from French Security Incident Response Team, or FrSIRT, about a flaw in Microsoft's implementation of TCP/IP, a network component in Windows.

An attacker could exploit the flaw to disrupt network connectivity, Microsoft acknowledges. However, the Redmond, Wash.-based company is unaware of any attacks that exploit the vulnerability and has not had reports of any customer impact, according to the advisory.

"We do not consider this to be a significant threat to the security of the Internet," Microsoft said in its advisory.