Security Hole in Microsoft's Windows NT Operating System Widens as Hackers Enhance Code;

ActiveX Can Be Used to 'Hack' Into NT, Security Expert Tells CMP's EE Times Online

PRNewswire
MANHASSET, N.Y.
Apr 3, 1997

The elite group of professional security experts who uncovered the significant hole in Microsoft's (NASDAQ: MSFT) Windows NT have now written enhancements to the code that make the network operating system even more vulnerable than originally thought, according to EE Times Online (http://www.eet.com/).

According to a report by the publication's Internet Editor, Larry Lange, which was posted tonight, the hackers' code enhancements now make it even easier to break into a Windows NT network and steal user passwords because they do not require the intruder to be a network administrator. This revelation directly contradicts the Redmond, Wash., software giant's response to EE Times' original reporting of the flaw, which Microsoft posted on its Web site on Tuesday.

Furthermore, at press time, no solution, fix or patch is forthcoming. Instead, Microsoft will quell all related security problems with next year's Windows NT upgrade, EE Times Online reports.

Yobie Benjamin, the Cambridge, Mass., programmer who first brought the security breach to public notice, maintains his original position.

"Despite Microsoft's denial of the problem, I still contend that the code being released, NT's SAM (Security Accounts Manager), was not accessible even by the administrator. The admin only had access to the user names, and could change the passwords but not see the encrypted, or hashed, passwords," said Benjamin. The security expert went on to add that with the new enhancements it is now possible to get the user names and hashed passwords via a "dictionary attack" that will extract the encrypted passwords by translating them into plain text.

For his part, Jeremy Allison, a programmer at Cygnus Solutions (Sunnyvale, Calif.) and principal author of the original hack, went further, saying that with the new enhancements he could now "impersonate any of the users" on the network.

Benjamin also told EE Times that he has found another route to gaining access to NT passwords, though unlike the other hacks which have been circulating via the Internet, he has not made this one publicly available. Benjamin's new route uses the Microsoft programming language ActiveX, which is embedded in the company's security-troubled Internet Explorer Web browser.

The hacker community expects to see more efforts to breach NT, motivated by the hacker's troubleshooting ethic. "On the Net the world is small," said Benjamin. "It's not about religion, and it's not about Unix, NT, Novell. It's about excellence."

EE Times, published by CMP Media Inc., covers the high tech OEM industry. The well-respected weekly delivers news of both business and technology to engineers and technical/corporate managers at electronics and computer systems manufacturers in the United States.

CMP Media Inc. provides publishing, marketing and information services to the broad high-technology spectrum -- the builders, sellers and users of technology -- through print and electronic media. All of CMP's publications and online products can be accessed through the company's TechWeb® site on the World Wide Web (http://www.techweb.com/). Print titles include Computer Reseller News, InformationWeek and WINDOWS Magazine.

NOTE: All of CMP's press releases are available on the Web at http://techweb.cmp.com/corporate. Journalists and reporters may also set up interviews with CMP's high technology experts through the site by e-mail.

-0- 4/3/97

SOURCE: CMP Media Inc.

CONTACT: Steve Rubel, 516-562-7434, or srubel@cmp.com, Leslie Dunbar,
516-562-7040 or ldunbar@cmp.com, both of CMP Corporate Communications