[ISN] Windows NT4 servers open to hackers

From: InfoSec News (isn@private)
Date: Fri Mar 11 2005 - 02:10:39 PST


By Sam Varghese
March 11, 2005 

Hundreds of thousands of websites which run on Windows NT4 are
vulnerable to a critical flaw in a key Windows networking protocol,
the network services firm Netcraft says.

The flaw, in the server message block (SMB) protocol, could allow a
remote attacker to seize control of a vulnerable server. This protocol
allows Windows computers to share files and printers on a network.

Microsoft issued an advisory for the flaw on February 8 but patches
were issued only for recent versions of Windows - 2000 Service Pack 3
and Service Pack 4, XP Service Pack 1 and Service Pack 2, XP 64-Bit
Edition Service Pack 1 (Itanium), XP 64-Bit Edition Version 2003
(Itanium), Server 2003 and Server 2003 for Itanium-based Systems.

Microsoft ended official support for Windows NT 4.0 on December 31
last year.

Security firm eEye Digital Security raised the issue on the BugTraq
vulnerability mailing list by pointing out that Microsoft would not be
releasing a public Windows NT 4.0 patch for this flaw as this version
of Windows had reached its end of life.

"Microsoft has, however, created a private patch for customers who
have paid for extended Windows NT 4.0 support," eEye's chief hacking
officer Marc Maiffret wrote.

He said if an organisation was unlucky enough to still have Windows NT
4.0 systems and was unable to pay for extended support then there were
not many options to ensure that their systems were safe.

Netcraft said that in its latest monthly survey of websites, it had
found 1.1 percent of web-facing hostnames continued to run NT4. The
survey found a total of over 60 million sites.

Maiffret said there was a way to defend against some attacks. "One way
we found to mitigate these attacks, at least some of them, is to
enable SMB Signing. This does not truly mitigate the attack but
instead it creates change in the SMB protocol that most attack tools I
have seen do not support," he wrote.

Microsoft has been asking customers to upgrade to Server 2003, citing
security as a reason.

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Fri Mar 11 2005 - 05:27:54 PST