Information Security News mailing list archives
A real Windows back door
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Fri, 10 Sep 1999 15:20:31 -0600
http://www.zdnn.com/a/zdnn091099/2331412/ A real Windows back door Beta 3 releases of Windows 2000 are wide open to hack attack. By David Raikow, Sm@rt Reseller September 9, 1999 12:58 PM PT [INLINE] Amid all the spurious hype about the supposed "NSA Back Door" in Windows NT, a real and very dangerous security breach in some builds of Windows 2000 Beta 3 has gone almost unnoticed. Add your comments to the bottom of this page. In an e-mail circulated Monday, David Litchfield of security consultancy Arca Systems Inc. described a simple technique that would give an attacker full access to a susceptible machine. Microsoft (Nasdaq:MSFT) acknowledges it was aware of the breach within days of shipping Windows 2000 Beta 3 in April. The breach will be disabled in its Release Candidate 2 build, which Microsoft could release next week. While not the final release of Windows 2000, Beta 3 is the most widely circulated build, and one which Microsoft sold to interested testers and got certain OEMs to agree to preload on new systems. Microsoft claims that more than 650,000 testers are working with the build and the subsequent release candidates which Beta 3 testers receive. Autologin the culprit The Windows 2000 security problem stems from an "autologin" feature that Microsoft incorporated into the initial Beta 3 release. [snip..] ISN is sponsored by Security-Focus.COM
Current thread:
- A real Windows back door mea culpa (Sep 11)