QID 82054, TCP Sequence Number Approximation Based Denial of Service, on Windows Server 2008 R2

Question asked by bhadfield on Jul 29, 2013
Latest reply on Jan 9, 2014 by bhadfield

I'm running an external PCI scan (not authenticated) against a Windows 2008 R2 Server.


The system is flagged as vulnerable to "TCP Sequence Number Approximation Based Denial of Service" (CVE-2004-0230). The Microsoft bulletins related to this are MS05-019 and MS06-064. Neither of these applies to Server 2008 R2. It looks like the problem was fixed in Server 2003 R2.


I'm sure I'm not the first person to run into this, but I don't see any discussions about it.