PT-2010-2042 · Microsoft · Windows Vista+2

Published: 2010-02-10 · Updated: 2023-12-07 · CVE-2010-0242

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Vista versions Gold, SP1, and SP2
Microsoft Windows Server 2008 versions Gold and SP2

Description

A denial of service issue exists due to an error in TCP/IP processing when handling specially crafted TCP packets with a malformed selective acknowledgement (SACK) value. This allows remote attackers to cause a system hang via crafted packets. An attacker could exploit this by sending a small number of specially crafted packets, causing the affected system to stop responding and automatically restart.

Recommendations

For Microsoft Windows Vista versions Gold, SP1, and SP2: Apply the necessary patch to fix the TCP/IP implementation issue.
For Microsoft Windows Server 2008 versions Gold and SP2: Apply the necessary patch to fix the TCP/IP implementation issue.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2010-0242

Affected Products

Windows Server 2008
Windows Vista
Windows