WinNuke
In [[computer security]], '''WinNuke''' is an example of a [[Nuke (computer)|Nuke]] remote [[denial-of-service attack]] (DoS) exploit that affected the [[Microsoft]] [[Windows 3.1x]], [[Windows NT 3x]], [[Windows 95]] and [[Windows NT 4.0|Windows NT 4]] [[computer]] [[operating system]]s.<ref>{{Cite web |date=2000-06-21 |title=Microsoft Security Advisor Program: Network Denial of Service Attacks |url=https://web.archive.org/web/20000621042153/http://www.microsoft.com/security/bulletins/netdos.asp |access-date=2025-03-17 |website=web.archive.org}}</ref> The [[exploit (computer security)|exploit]] sent a string of [[Out-of-band data]] (OOB data) to the target computer on [[TCP/IP|TCP]] port 139 ([[NetBIOS]]),<ref>{{cite web|url=http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0153 |title=National Vulnerability Database (NVD) National Vulnerability Database (CVE-1999-0153) |publisher=Web.nvd.nist.gov |date= |accessdate=2010-09-23}}</ref> causing it to lock up and display a [[Blue Screen of Death]] (BSOD). This does not damage or change the data on the computer's hard disk, but any unsaved data would be lost.

The vulnerability was patched with the release of the Windows Sockets 2 update for Windows 95 and Service Pack 3 for Windows NT 4.<ref>{{Cite web |date=1999-04-27 |title=Windows 95 Download: Windows 95 Windows Sockets 2 Update |url=https://web.archive.org/web/19990427043847/http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/default.asp |access-date=2025-03-17 |website=web.archive.org}}</ref> [[Windows 98]] RC0, [[Windows 2000]] and newer operating systems are not vulnerable to this exploit. In 2002, a second incarnation appeared: a similar exploit that used the Network Share Provider. Microsoft identified it in 2004 and subsequently patched it. [[Windows Vista]] and newer Microsoft operating systems are immune to both of these exploits.
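The out-of-band data sent to TCP port 139 corresponds to a TCP segment with the URG flag set. The following added example (not part of the original article or of any vendor tooling) shows how a monitoring script can decode a raw TCP header and flag that combination; the function names and the sample segments are constructed for illustration.

```python
import struct

NETBIOS_SSN_PORT = 139  # TCP port the article names as the target port
URG = 0x20              # URG bit in the TCP flags field (RFC 793)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header of a raw segment (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "flags": off_flags & 0x3F,
            "urg_ptr": urg_ptr, "payload": segment[header_len:]}

def is_urgent_to_netbios(segment: bytes) -> bool:
    """True when the segment is addressed to TCP/139 and carries the URG flag."""
    try:
        hdr = parse_tcp_header(segment)
    except ValueError:
        return False  # malformed input is not classified as a match
    return hdr["dport"] == NETBIOS_SSN_PORT and bool(hdr["flags"] & URG)

def _constructed_segment(dport: int, flags: int, urg_ptr: int, payload: bytes) -> bytes:
    """Build a sample header for this demo only (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 1, (5 << 12) | flags,
                       8192, 0, urg_ptr) + payload

# Constructed samples, not captured traffic.
SAMPLES = {
    "urg_to_139": _constructed_segment(139, 0x38, 3, b"abc"),  # URG|PSH|ACK
    "normal_139": _constructed_segment(139, 0x18, 0, b"abc"),  # PSH|ACK only
    "urg_to_23": _constructed_segment(23, 0x38, 1, b"\xff"),   # URG on another port
    "truncated": b"\x00\x8b",                                   # too short to parse
}

def flagged(samples: dict) -> list:
    """Return the names of samples that match the URG-to-port-139 condition."""
    return sorted(name for name, seg in samples.items() if is_urgent_to_netbios(seg))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

The port check matters because URG has legitimate uses on other services, so the flag alone is not a useful signal.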
==Details==
The so-called OOB simply means that the malicious TCP packet contained an [[TCP header|Urgent pointer]] (URG). The "Urgent pointer" is a rarely used field in the TCP header, used to indicate that some of the data in the TCP stream should be processed quickly by the recipient. Affected operating systems did not handle the Urgent pointer field correctly.

A person under the screen-name "_eci" published [[C (programming language)|C]] [[source code]] for the exploit on May 9, 1997.<ref>{{cite web|url=http://insecure.org/sploits/windows.OOB.DOS.html |title=Windows NT/95/3.11 Out Of Band (OOB) data barf |publisher=Insecure.org |date= |accessdate=2010-09-23}}</ref> With the source code being widely used and distributed, Microsoft was forced to create security patches, which were released a few weeks later. For a time, numerous flavors of this exploit appeared, going by such names as fedup, gimp, killme, killwin, knewkem, liquidnuke, mnuke, netnuke, muerte, nuke, nukeattack, nuker102, pnewq, project1, {{Not a typo|pstlince}}, simportnuke, sprite, sprite32, vconnect, vzmnuker, wingenocide, winnukeit, winnuker02, winnukev95, wnuke3269, wnuke4, and wnuke95.

A company called SemiSoft Solutions from New Zealand created a small program, called AntiNuke, that blocks WinNuke without having to install the official patch.<ref>[http://robert.grefstad.com/win/error_winnuke.html Windows OOB Bug, also known as WinNuke] {{Webarchive|url=https://web.archive.org/web/20110526041251/http://robert.grefstad.com/win/error_winnuke.html |date=2011-05-26 }}. Grefstad.com.</ref>

==Second Incarnation==
In 2002, a second incarnation of WinNuke appeared, using a similar exploit involving the Network Share Provider.<ref>{{cite web |last=Michael |first=James |date=2002-10-02 |title=WinNuke lives on, and it's coming to a system near you |url=http://www.techrepublic.com/article/winnuke-lives-on-and-its-coming-to-a-system-near-you/ |archive-url=https://web.archive.org/web/20160513051306/http://www.techrepublic.com/article/winnuke-lives-on-and-its-coming-to-a-system-near-you/ |archive-date=2016-05-13 |accessdate=2010-09-23 |website=TechRepublic |publisher=TechRepublic}}</ref> It affected the Microsoft Windows NT 4, Windows 2000 and [[Windows XP]] operating systems, as well as the Microsoft [[.NET Framework]]. Microsoft identified this exploit in 2004 and patched it for Windows 2000 and Windows XP; the fix was also included as part of Service Pack 2 for Windows XP.<ref>{{Cite web |title=Microsoft Update Catalog |url=https://www.catalog.update.microsoft.com/Search.aspx?q=KB326830 |access-date=2025-03-17 |website=www.catalog.update.microsoft.com}}</ref> Windows NT 4 with Service Pack 6a remains unpatched for this second incarnation of the exploit.

==See also==
* [[Ping of death]]

==References==
{{reflist}}

{{DEFAULTSORT:Winnuke}}
[[Category:Attacks against TCP]]
[[Category:Denial-of-service attacks]]