New hole discovered in Windows NT
- By Heather Harreld
- Apr 27, 1997
Security experts have uncovered another security hole described as the most serious yet discovered in Microsoft Corp.'s Windows NT Server operating system.
According to Atlanta-based Internet Security Solutions Inc. (ISS), a vulnerability embedded in Windows NT, which is becoming an increasingly popular operating system among federal agencies, could allow malicious computer users to gain unauthorized access to shared files, applications and user information from any networked Windows NT system.
After being alerted to the problem last week by ISS, Microsoft is working to eliminate the access point that causes the vulnerability, said Enzo Schiano, Microsoft's group product manager for Windows NT. The company was aware of the vulnerability and had planned to eliminate it with the release of Windows NT Version 5.0, planned for later this year, he said. Now Microsoft plans to post a patch for the problem this week.
Christopher Klaus, founder and chief executive officer of ISS, said the security hole is one of the most serious that has surfaced since the first release of the NT operating system in 1995. Most NT security vulnerabilities result from improper configuration, he said, but this latest vulnerability is an "out-of-the-box" problem and could present hackers with a bounty of user information and other data that could expose systems to unauthorized users.
The vulnerability makes it possible for someone to read the registry of a remote machine and browse through users' files and shared files, even if the person has no legitimate access to the target machine.
But Schiano emphasized that the vulnerability does not allow unauthorized access to sensitive information.
"Users cannot access data on the share points, nor can they modify security information such as a user accounts database," he said. "No sensitive information on the registry can be modified."
The source of the problem is a built-in, undocumented Windows NT user known as "anonymous." This anonymous user is utilized by Windows NT for machine-to-machine communication and was not previously known to have access to any system resources, including reading and writing to most installed applications.
"It's a Microsoft capability that they had put into NT as a default for helping them establish connections," Klaus said. "People didn't realize it could actually give access to the machine."
According to Klaus, this feature allows users to gain access to any NT workstation with the permission of "anyone," thereby providing access to file systems that no one thought was possible. "That's very serious," Klaus said. "We're going to start seeing hackers use this to break into sites."
Windows NT is becoming increasingly popular with the federal government. For example, the Social Security Administration is standardizing on the Windows NT platform as part of its Intelligent Workstation/Local-Area Network program. The Coast Guard's Standard Workstation III, awarded in 1995, also uses products based on Windows NT.
The Patent and Trademark Office announced plans last year to migrate to Windows NT at the desktop level. Of the three vendors tapped to provide general-purpose workstations as part of NASA's $1.8 billion Scientific and Engineering Workstation Procurement II, two are providing workstations that support Unix and Windows NT.
While security bugs are commonplace in any new operating system, Klaus said the high risks associated with these vulnerabilities usually result from network administrators failing to install patches because of a lack of awareness of a problem or its serious nature.
Tom Harris, an analyst with International Data Corp. who follows Windows NT, said the emergence of the networked computing environment and the complexity of operating systems are factors that naturally will lead to security vulnerabilities.
"Consider the millions of lines of code in an operating system," Harris said. "It's hard to make a million statements with no inconsistencies."