http://www.theage.com.au/news/Breaking/Windows-NT4-servers-open-to-hackers/2005/03/11/1110417668599.html By Sam Varghese March 11, 2005 Hundreds of thousands of websites which run on Windows NT4 are vulnerable to a critical flaw in a key Windows networking protocol, the network services firm Netcraft says. The flaw, in the server message block (SMB) protocol, could allow a remote attacker to seize control of a vulnerable server. This protocol allows Windows computers to share files and printers on a network. Microsoft issued an advisory for the flaw on February 8 but patches were issued only for recent versions of Windows - 2000 Service Pack 3 and Service Pack 4, XP Service Pack 1 and Service Pack 2, XP 64-Bit Edition Service Pack 1 (Itanium), XP 64-Bit Edition Version 2003 (Itanium), Server 2003 and Server 2003 for Itanium-based Systems. Microsoft ended official support for Windows NT 4.0 on December 31 last year. Security firm eEye Digital Security raised the issue on the BugTraq vulnerability mailing list by pointing out that Microsoft would not be releasing a public Windows NT 4.0 patch for this flaw as this version of Windows had reached its end of life. "Microsoft has, however, created a private patch for customers who have paid for extended Windows NT 4.0 support," eEye's chief hacking officer Marc Maiffret wrote. He said if an organisation was unlucky enough to still have Windows NT 4.0 systems and was unable to pay for extended support then there were not many options to ensure that their systems were safe. Netcraft said that in its latest monthly survey of websites, it had found 1.1 percent of web-facing hostnames continued to run NT4. The survey found a total of over 60 million sites. Maiffret said there was a way to defend against some attacks. "One way we found to mitigate these attacks, at least some of them, is to enable SMB Signing. This does not truly mitigate the attack but instead it creates change in the SMB protocol that most attack tools I have seen do not support," he wrote. Microsoft has been asking customers to upgrade to Server 2003, citing security as a reason. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Fri Mar 11 2005 - 05:27:54 PST