[SuSE Linux] [zdnn] Hackers find Windows NT hole

Sun, 21 Feb 1999 04:52:05 -0500 


Hackers find Windows NT hole
By Lisa M. Bowman
February 19, 1999
ZDNN

 A security hole in Microsoft Corp.'s Windows NT 4.0 server and workstation
could allow users connected to a network to get access to information they
shouldn't be viewing -- or even take over the network.

 The hole was discovered by L0pht Heavy Industries, a hacker group and
security-consulting firm. Right now, L0pht, which posted details about the
hole on its Web site, has only confirmed the problem in versions 4.0 service
pack 4.

----------------------------------------------
    'You could get elevated access.'
  -- Karan Khanna, Microsoft
 ---------------------------------------------

        According to L0pht, the opening could allow a local user to take
control of a network.

 Microsoft (Nasdaq:MSFT) said it will issue a bulletin to system
administrators who've subscribed to its security newsletter and post more
information on its Web site.

 From user to 'superuser'
 The problem arises when a network administrator uses one of the default
security settings instead of altering it to provide tighter protection.
Under the default setting, any user in the network potentially could replace
commonly used files with their own versions. As a result, that person can
obtain privileges they shouldn't have access to, essentially becoming an
administrator or "superuser."

  "If somebody had access to a machine, and the setting is not tight enough,
you could get elevated access," Karan Khanna, lead product manager of
Microsoft's Windows NT team, said.

 Microsoft said it hasn't heard of any users who've been adversely affected
by the hole. The company outlined ways to improve security in NT in a white
paper issued a year ago. Users who want to exploit this hole would have to
have an account and password on the network, so, in theory, they could be
easily traced.

 "It can't be done by an outsider," Khanna said.



See Also:
Intruder-alert simulators: Hackers plug security holes
Firm finds big security holes in Windows NT
MS, Netscape scramble to fix security holes


Copyright (c) 1999 ZDNet. All rights reserved.

-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archiv at http://www.suse.com/Mailinglists/suse-linux-e/index.html

Reply via email to