Microsoft Admits NT Has Serious Security Flaw.

Microsoft has acknowledged a serious security flaw in NT when used with Service Pack 4 (SP4) -- probably the most commonly deployed version of its operating system. The flaw enables hackers to masquerade as trusted hosts to get access to secure systems, using so-called Predictable IP Sequence Numbering - something that was identified and fixed in Unix systems several years ago, according to Richard Thomas, head of Winterfold Datacomm (Guildford, UK), a networking consultancy. Security problems had been found in earlier versions of NT, but the bundle of patches and fixes in SP4 were supposed to have made everything watertight. That_s proved not to be the case, according to NTA Monitor (Rochester, UK), a consultancy that conducts security audits on corporate systems by simulating hacker attacks over the Internet. When conducting such an audit, it came across Predictable IP Sequence Numbering at a customer site using NT with SP4. After doing bench tests to establish that the problem was generic to NT and SP4, NTA-Monitor contacted Microsoft. After nearly three weeks of deliberations, Microsoft has come clean. Sunil Gopal, a technical specialist at Microsoft, acknowledged the problem on Tuesday in a memo to Roy Hills, NTA-Monitor_s testing development director. His memo says fault has been eliminated in Windows 2000 and "will be back-ported to NT 4.0 in a future SP release."