CVE-2009-1926

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2

Description: A denial of service issue exists due to an error in TCP/IP processing when handling specially crafted packets with a small or zero TCP receive window size. This can cause a system to stop responding to new requests if an attacker floods it with such packets, leading to a denial of service. The issue arises when an application closes a TCP connection with pending data and the attacker has set a small or zero TCP receive window size, preventing the server from completely closing the connection.

Recommendations: For Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2, consider implementing configuration changes to mitigate the risk of exploitation, such as adjusting TCP/IP settings to handle small or zero receive window sizes more effectively. At the moment, there is no information about a newer version that contains a fix for this vulnerability.