Microsoft, Cisco Finally Patch TCP DoS Flaw 114
Trailrunner7 writes "Today vendors are finally releasing patches for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco's IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities today. The Microsoft Patch Tuesday release included the fix for the TCP flaw, which affects Windows Server 2003 and 2008, as well as Windows Vista, both the 32-bit and 64-bit editions, and Windows 2000 SP4, for which no fix is coming. The TCP flaws were identified several years ago and were made public last year by two researchers at Outpost24, Jack C. Louis and Robert E. Lee. Louis, who has since died, developed a tool called Sockstress that tested for the flaw and was able to maintain extremely long-term TCP connections with remote machines using very little bandwidth."
very, very old vulnerability (Score:4, Funny)
I mean, Robert E. Lee has been dead for *decades*.
Hey things take time. (Score:5, Funny)
I'm proud of them for releasing this fix in such a timely fashion.
Re:what's the point of IOS? (Score:2, Funny)
Obviously at the time IOS was designed, everyone would write their own special-purpose operating system for embedded devices. These days, wouldn't it make more sense to just scrap it and switch to Linux? Lots of other manufacturers are doing it (Linksys, Netgear, D-Link, etc.). This would certainly prevent this kind of embarassment.
you have no idea how big and dedicated the Cisco IOS is!
Re:very, very old vulnerability (Score:3, Funny)
It must have taken an army of coders to fix these flaws.
It was easy. They had confederates!
Re:Better Late than never? (Score:3, Funny)