Microsoft Admits NT Has Serious Security Flaw.
Published:
28 August 1999 y., Saturday
Microsoft has acknowledged a serious security flaw in NT when used with Service Pack 4 (SP4) -- probably the most commonly deployed version of its operating system. The flaw enables hackers to masquerade as trusted hosts to get access to secure systems, using so-called Predictable IP Sequence Numbering - something that was identified and fixed in Unix systems several years ago, according to Richard Thomas, head of Winterfold Datacomm (Guildford, UK), a networking consultancy. Security problems had been found in earlier versions of NT, but the bundle of patches and fixes in SP4 were supposed to have made everything watertight. That_s proved not to be the case, according to NTA Monitor (Rochester, UK), a consultancy that conducts security audits on corporate systems by simulating hacker attacks over the Internet. When conducting such an audit, it came across Predictable IP Sequence Numbering at a customer site using NT with SP4. After doing bench tests to establish
that the problem was generic to NT and SP4, NTA-Monitor contacted Microsoft. After nearly three weeks of deliberations, Microsoft has come clean. Sunil Gopal, a technical specialist at Microsoft,
acknowledged the problem on Tuesday in a memo to Roy Hills, NTA-Monitor_s testing development director. His memo says fault has been eliminated in Windows 2000 and "will be back-ported to NT 4.0 in a future SP release."
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.
The most popular articles
Software company announced new structure_ of it_s business.
more »
Lindows.com, the Linux operating system maker, is being forced to re-evaluate its strategy to lure the average computer user away from Windows
more »
Threats of terrorism concern IT professionals, and almost half of those surveyed indicated that a major cyber attack on the U.S. government could be imminent
more »
search.lt presents newest links
more »
If a user wearing the system's security token walks away from his or her laptop, the system senses it and begins securing the computer by encrypting all data
more »
Iraq and Russia are close to signing a US$40 billion economic cooperation plan, Iraq's ambassador said Saturday
more »
search.lt presents newest links
more »
Russian figure skating champions Anton Sikharulidze and Yelena Berezhnaya have voiced their intention to sue US media companies for libel
more »
Microsoft has released a patch for three vulnerabilities, one of which is "critical," in its Content Management Server 2001 product for building and maintaining Web sites.
more »
The Defense Department's Biometrics Management Office (BMO) and the Army's Communications-Electronics Command (Cecom) are partnering to test the integration of fingerprint technology into the Army's tactical Network Operations Center-Vehicle
more »
ParallelGraphics Joins Forces with Leading Technology Companies to Establish the CAD 3D Working Group
more »