Microsoft Patches 1990s-Era 'Ping of Death' 128
CWmike writes "Microsoft on Tuesday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.' While other patched vulnerabilities we more serious, one marked 'CVE-2011-1871' brought back memories for nCircle's Andrew Storms. 'This looks like the Ping of Death from the early-to-mid 1990s,' he said. 'Then, when a specially-crafted ping request was sent to a host, it caused the Windows PC to blue screen, and then reboot.' Two decades ago, the Ping of Death (YouTube video demonstration) was used to bring down Windows PCs remotely, often as a way to show the instability of the operating system."
Re:Misleading title (Score:4, Insightful)
It would make more sense if you provided context for your quote
Storms said it appeared that today's "Ping of Death" bug was a different vulnerability than Microsoft patched in its now-ancient OSes of the 1990s.
The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.
Re:Misleading title (Score:5, Insightful)
That is stupid. Any IP host should respond to a ping. It's one way of testing if everything is working. Disabling ping just because your IP stack is buggy is security through obscurity. ICMP has to be implemented according to standard.