A remote denial of service vulnerability has been discovered in the Telnet Server that ships with Microsoft Windows 2000. The denial of service can occur when a malicious client sends a particular malformed string to the server. Although the Telnet service is provided as part of Windows 2000 products, the service is not enabled by default, and customers who have not enabled it would not be at risk. Even in affected systems, the effect of the vulnerability is limited to Telnet itself there is no capability to cause other services to fail, or to cause Windows 2000 to fail. Telnet services could be restored after an attack by restarting the Telnet Server.
Microsoft has released this patch to eliminate this security vulnerability.