Denial of service in Windows 2000

According to a report by SecurityFocus -at http://online.securityfocus.com/bid/4532
- a denial of service problem has
been discovered in Windows 2000.

Due to this vulnerability, a malicious user could block the system by
sending malformed data to port 445. This would cause the Lanman service to
consume high levels of CPU and Kernel memory resources.

Microsoft also offers information on this problem at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751, and
describes two methods(*) for dealing with the problem. The first method
involves disabling  NetBIOS over TCP/IP, which closes the vulnerable port.
However, if there are programs being used that require NetBIOS support, you
can create and configure the MaxWorkItems value in the registry. To do this,
follow these steps:

1. Start Registry Editor (Regedt32.exe).

2. Locate the Parameters value under the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\

3. On the Edit menu, click Add Value, type MaxWorkItems.

4. Click REG_DWORD, and then click OK.

5. Set the data to the one of the following:
- 1024 for computers with a large amount of memory (greater than 2 gigabytes
of memory).
- 512 for computers with a medium amount of memory (512 megabytes to -2
gigabytes).
- 256 for computers with a small amount of memory (less than 512 megabytes).

6. Quit Registry Editor.

(*)WARNING: Microsoft warns that using Registry Editor incorrectly can cause
serious problems that may require that you reinstall your operating system,
and that problems resulting from the incorrect use of Registry Editor may
not be able to be resolved.)