source: It has been reported that clicking a malformed 'callto:' URI in Internet Explorer will cause Windows 2000 systems to crash, resulting in a blue screen.This appears to be due to a boundary condition error in one of the URI parameters of the CALLTO protocol handler.The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any Net Meeting services and possibly consume 100% CPU utilization during an attack.On June 20, 2001, the bulletin was updated to advise that a patch is available, to address a new variant of the vulnerability.Is Net Meeting running by default in Windows 2000 or Windows NT 4.0?
It could also hinder the affected machine from performing other tasks due to 100% CPU utilization during an attack. Where can I learn more about best practices for security?The vulnerability could be used to deny Net Meeting services, but could not be used for any broader attack - that is, it could not be used to compromise data on an affected server or usurp administrative control. There is a flaw in a Net Meeting feature which drives CPU utilization to 100% and also causes the application to hang when sent a particular malformed input string from a malicious client machine. Net Meeting is an application included with Windows 2000 (or can be downloaded from for Windows NT 4.0) that enables real-time audio, video, and data communication over the Internet.The feature of Net Meeting at issue in this vulnerability is Remote Desktop Sharing.What's the problem with the Net Meeting Application?The affected version of Net Meeting, with Remote Desktop Sharing enabled, does not correctly handle a particular kind of malformed input string sent to it from a client.Call anyone from Cisco IP phones or directly from a Webex Teams space.Webex Calling is a cloud-based phone service that’s perfect for small to mid-size organizations.source: The Remote Desktop Sharing component of Microsoft Net Meeting for Windows NT 4.0 / 2000 does not properly handle a particular type of malformed input string sent over port 1720.CPU utilization can be caused to spike to 100% and any existing Net Meeting sessions would fail in the event of an attack.No further technical details have been made available. Published: October 13, 2000 | Updated: June 20, 2001 Version: 1.2 Originally posted: October 13, 2000Updated: June 20, 2001 On October 13, 2000, Microsoft released the original version of this bulletin, to discuss the availability of a patch that eliminates a security vulnerability in Net Meeting, an application that ships with Microsoft® Windows 2000 and is also available as a separate download for Windows NT® 4.0.