Microsoft has confirmed a security vulnerability in its Windows NT operating system that could allow unauthorized access to sensitive
information in administrator files.
The news comes just two days after Microsoft acknowledged that a feature in its Windows 98 operating system can be used to collect information on authors of electronic documents without their knowledge and vowed to fix the problem. (See related story)
The Windows NT problem is triggered by malicious software that allows a user to get into protected files on an NT system via the screensaver. When the screensaver launches, the malicious user can gain access to privileges that he or she should not ordinarily be able to obtain, Microsoft confirmed.
The bug was discovered by Cybermedia
Software of India.
Privacy has become an increasingly difficult issue for the computer industry in general. Earlier this week, for example, protests against Intel's Pentium III processor escalated over security ID numbers included on the chips.
Microsoft is working to repair the Windows NT problem and plans to
disseminate a patch this week. The company will also issue a security alert
to notify users about the problem, according to Scott Culp, security
product manager for Microsoft.
"This vulnerability would allow someone to gain more privileges than they
should have and do things they shouldn't be able to do," Culp said of the NT problem. However, to exploit the vulnerability, a hacker would have to be sitting at the workstation or server intended for the attack, a fairly rare situation.
"This primarily would affect workstations, but most people are already local administrators on their workstations," Culp said, so the issue would be moot. Because of this, and because the malicious software would have to be fairly sophisticated technically, he believes that "it is not an easy attack to pull off."
"It requires a detailed understanding of the operating system--it's a
highly technical attack. This isn't something that's easily put together."
There have been no known instances of the hack to date, he added.
The bug affects Windows NT 4.0. Microsoft will repair the problem in the
Windows 2000 operating system, Culp said. "We're still investigating all the affected versions," he said.
"We're taking this very seriously. We take security very seriously in all
cases," he said.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
A lawsuit from Swiss company SmartData alleges that three of Apple's products infringe on one of SmartData's patents, while saying Apple ignored pleas to strike a licensing deal.
Chitika, which analyzes Web traffic across its advertising network, says it found that iOS has overtaken Mac OS X in total Web market share for the first time.
A German judge has ruled in favor of Apple in one of several patent suits with Motorola, finding that iPhone maker did not violate a patent related to 3G/UMTS wireless communications.
Crave Asia goes hands on with the first product in Bang & Olufsen's new Play line of affordable home entertainment products. See how the Beolit 12 AirPlay speakers stack up.
Join the conversation