Security News > 2005 > March > Windows NT4 servers open to hackers
http://www.theage.com.au/news/Breaking/Windows-NT4-servers-open-to-hackers/2005/03/11/1110417668599.html By Sam Varghese March 11, 2005 Hundreds of thousands of websites which run on Windows NT4 are vulnerable to a critical flaw in a key Windows networking protocol, the network services firm Netcraft says. The flaw, in the server message block (SMB) protocol, could allow a remote attacker to seize control of a vulnerable server. This protocol allows Windows computers to share files and printers on a network. Microsoft issued an advisory for the flaw on February 8 but patches were issued only for recent versions of Windows - 2000 Service Pack 3 and Service Pack 4, XP Service Pack 1 and Service Pack 2, XP 64-Bit Edition Service Pack 1 (Itanium), XP 64-Bit Edition Version 2003 (Itanium), Server 2003 and Server 2003 for Itanium-based Systems. Microsoft ended official support for Windows NT 4.0 on December 31 last year. Security firm eEye Digital Security raised the issue on the BugTraq vulnerability mailing list by pointing out that Microsoft would not be releasing a public Windows NT 4.0 patch for this flaw as this version of Windows had reached its end of life. "Microsoft has, however, created a private patch for customers who have paid for extended Windows NT 4.0 support," eEye's chief hacking officer Marc Maiffret wrote. He said if an organisation was unlucky enough to still have Windows NT 4.0 systems and was unable to pay for extended support then there were not many options to ensure that their systems were safe. Netcraft said that in its latest monthly survey of websites, it had found 1.1 percent of web-facing hostnames continued to run NT4. The survey found a total of over 60 million sites. Maiffret said there was a way to defend against some attacks. "One way we found to mitigate these attacks, at least some of them, is to enable SMB Signing. This does not truly mitigate the attack but instead it creates change in the SMB protocol that most attack tools I have seen do not support," he wrote. Microsoft has been asking customers to upgrade to Server 2003, citing security as a reason. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
News URL
Related news
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)