Microsoft posts Windows NT patch

By Stephanie Miles
Staff Writer, CNET News

Post a comment

Related Stories: New security hole found in Windows 98
March 10, 1999; Microsoft confirms Windows NT glitch
March 10, 1999; Groups press agency on Pentium III
March 8, 1999; Microsoft admits privacy problem, plans fix
March 7, 1999

Microsoft has released a patch for a Windows NT bug that allows users to gain access to privileged files by exploiting a flaw in the screensaver.

Microsoft issued a security bulletin to its users on Friday night and made the patch available on its Web site.

The Windows NT screensaver matches the security level of the user logged onto the machine, Microsoft explained, but does not check to make sure that the match is accurate. Theoretically, a malicious screensaver file could allow any user to log on as an administrator.

The NT flaw is the latest in a long line of security issues that have beset the software maker.

Microsoft admitted last week that its Windows 98 operating system had surreptitiously, and unintentionally, according to the company, been gathering user identification numbers during the Windows 98 registration process. Although Microsoft at first insisted that the numbers were only read by the Microsoft Web site, subsequently, the company confirmed that any Web site could gain access to the identification information.

Microsoft's privacy woes come on the heels of Intel's battle with privacy advocacy groups over its decision to include a serial number on each Pentium III processor that can identify users during ecommerce transactions. Privacy groups fear that such a feature could allow marketers and hackers to share or steal information about users.

The two types of machines at risk for this particular NT security bug are workstations and terminal servers that allow non-administrative users to interactively log on, or servers that allow remote users to execute programs. Windows NT 4.0 is affected by the problem.

There are no known examples of machines that were hacked using this glitch, Microsoft said. Last week, Microsoft product manager Scott Culp said he believed any attack using this vulnerability was unlikely.

"It requires a detailed understanding of the operating system--it's a highly technical attack. This isn't something that's easily put together," he said.

The Windows NT bug was discovered by Cybermedia Software of India.

Latest tech news headlines

Micron to buy Numonyx for $1.27 billion
Posted in Nanotech - The Circuits Blog by Brooke Crothers

February 9, 2010 8:35 PM PST
Rafe and Josh debate Google's Buzz
Posted in Webware by Rafe Needleman, Josh Lowensohn

February 9, 2010 6:10 PM PST
YouTube's traffic data for music questioned
Posted in Media Maverick by Greg Sandoval

February 9, 2010 5:07 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (1.52%) 150.25 10,058.64; S&P 500 (1.30%) 13.78 1,070.52; NASDAQ (1.17%) 24.82 2,150.87; CNET TECH (1.12%) 16.96 1,524.71

Inside CNET News

Scroll Left Scroll Right

Nanotech - The Circuits Blog
Micron to buy Numonyx for $1.27 billion
One of the world's largest flash memory makers agrees to be acquired by Micron Technology in a deal worth approximately $1.27 billion.
Gallery
Images: Stewart Butterfield's new gaming start-up
Software, Interrupted
Big IT vendors overcomplicating the cloud
CA and NetApp have joined together on cloud offerings. But are they missing the point of simplifying enterprise IT?
Beyond Binary
Olympic snow still in short supply at Cypress
Olympic organizers have now shortened training, stepped up trucking of snow, and even turned to adding dry ice to the mix to make sure the venue is ready for the start of the Games.
Video
CNET first look at Google Buzz
Media Maverick
YouTube's traffic data for music questioned
The number of visitors to Warner Music Group's YouTube videos doubled in January and outpaced the much larger Vevo. But those numbers are now being questioned.
Video
Apple iPad: Is it for you?
The Social
Brangelina kiss lands Paul Allen on TMZ
The Microsoft co-founder appears to have gotten chummy with the Hollywood power couple, even chilling with them in the same box at the Super Bowl last weekend.
Crave
Intel taps student's robot for processor demo
University of Arizona engineering student creates a six-legged Atom-powered bot that can "learn" to walk on its own, and Intel brings it along on the company road show.
Gallery
Next-generation 747 takes first air (photos)
Crave
Panasonic updates 3-chip camcorders
Though Panasonic's replacements for its 300 series' models have relatively minor updates, they seem like nice enhancements.
Green Tech
A Toyota Prius owner waits for the recall
Last summer, CNET's Martin LaMonica wanted to see if his new Prius could hit the magic 50-mpg mark. Now he's wondering when his spiffy hybrid will get a fix for faulty brakes.