Microsoft Windows 9x / Me IPX NMPI Packet DoS Vulnerability



Date Discovered

October 10, 2000


If NWLink (which enables Microsoft Windows to interoperate with Novell stations) is enabled on a Windows 9x or ME system, it is possible to create broadcast storms that could severely impede network operations or cause certain targeted machines to fail. IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) is the protocol implemented by NWLink, and it periodically sends broadcast messages across the network. NMPI (NetBIOS Name Management Port Interface) can be used as a NetBIOS replacement when implementing direct hosting with IPX. Windows 9x and ME do not properly handle NMPI packets in which the source network address and the destination address contain the same value. Sending this type of packet would create a broadcast storm, because every affected machine would respond to the broadcast address, that is, to the entire network. One malformed NMPI packet could create a great deal of network congestion momentarily; sending several of them repeatedly could result in a prolonged network outage.

IPX is not installed by default on Windows 9x or ME systems, with the exception of Windows 95 machines that had a Plug and Play network card present at the time of installation.
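The following detection sketch is an added example, not part of the original advisory or of any Symantec or Microsoft code. It parses the standard 30-byte IPX header from a captured packet and reports NMPI traffic whose source address equals its destination address; it also flags a broadcast source node, which goes slightly beyond the advisory's wording. The NMPI socket number 0x0551 and all sample packets are assumptions constructed for the example.

```python
import struct
from collections import namedtuple
from typing import List, Optional

# IPX header (30 bytes): checksum, length, transport control, packet type,
# then destination and source as network(4) + node(6) + socket(2).
IPX_HEADER = struct.Struct("!HHBB4s6sH4s6sH")
IpxHeader = namedtuple("IpxHeader", "checksum length hops ptype "
                       "dst_net dst_node dst_sock src_net src_node src_sock")
NMPI_SOCKET = 0x0551  # assumption: NWLink name-query socket; not given on the page
BROADCAST_NODE = b"\xff" * 6

def parse_ipx(packet: bytes) -> Optional[IpxHeader]:
    """Return the parsed header, or None for a truncated or inconsistent packet."""
    if len(packet) < IPX_HEADER.size:
        return None
    hdr = IpxHeader(*IPX_HEADER.unpack_from(packet))
    if not IPX_HEADER.size <= hdr.length <= len(packet):
        return None
    return hdr

def nmpi_findings(packet: bytes) -> List[str]:
    """List the reasons an NMPI packet matches the advisory's malformed pattern."""
    hdr = parse_ipx(packet)
    if hdr is None or NMPI_SOCKET not in (hdr.dst_sock, hdr.src_sock):
        return []  # unparseable, or not NMPI traffic
    findings = []
    if (hdr.src_net, hdr.src_node) == (hdr.dst_net, hdr.dst_node):
        findings.append("source address equals destination address")
    if hdr.src_node == BROADCAST_NODE:
        # A real station never sends from the broadcast node address.
        findings.append("source node is the broadcast address")
    return findings

def build_sample(dst_node: bytes, src_node: bytes, sock: int = NMPI_SOCKET) -> bytes:
    """Constructed test input: IPX header on network 0 plus 4 filler bytes."""
    net = b"\x00" * 4
    return IPX_HEADER.pack(0xFFFF, 34, 0, 4, net, dst_node, sock,
                           net, src_node, sock) + b"\x00" * 4

HOST = bytes.fromhex("00a0c9123456")                     # constructed node address
NORMAL = build_sample(BROADCAST_NODE, HOST)              # ordinary name broadcast
SUSPECT = build_sample(BROADCAST_NODE, BROADCAST_NODE)   # source == destination
OTHER_SOCKET = build_sample(BROADCAST_NODE, BROADCAST_NODE, sock=0x0453)  # not NMPI
```

On an unpatched segment, any non-empty result from `nmpi_findings` is worth an alert, since legitimate hosts have no reason to emit such packets.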

Technologies Affected

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows 98SE
  • Microsoft Windows ME

Microsoft has released the following patches which eliminate the vulnerability:



Publicized in a Microsoft Security Bulletin (MS00-073) on October 10, 2000.

© 1995- Symantec Corporation
