May 12, 1997 4:30 PM PDT
Hole in Windows 95, NT fixed
- Related Stories
Another bug in ExplorerMay 8, 1997
Princeton team finds Java glitchApril 29, 1997
AOL preps Explorer patchApril 11, 1997
Security review stalls ExplorerMarch 31, 1997
MS to upgrade browser securityMarch 20, 1997
MS posts IE bug fixesMarch 10, 1997
Microsoft security flaws run deepMarch 6, 1997
New IE security hole foundMarch 6, 1997
According to several users who have contacted CNET's NEWS.COM, the glitch could leave PCs vulnerable to what are called "denial of service" attacks from a rogue Web site that would temporarily prevent users from using their computers.
The vulnerability is the second to hit Microsoft in the past two weeks and the latest in a lengthy series of glitches to affect its products over the past few months. Last week, the company issued a patch for a problem that affected users of its Internet Explorer and PowerPoint presentation software.
In order to exploit the latest vulnerability, a Web site needs to send a special TCP/IP command known as "out of band" data to port 139 to a computer running Windows 95 or NT. A hacker could also target users' PCs through a program for Windows, Unix, and Macintosh now circulating on the Net called WinNuke. To crash a PC over the Net, a hacker simply types a user's Internet protocol address into WinNuke and then clicks the program's "nuke" button.
Several Web sites, including one called MyDesktop.com, have posted information on the Windows glitch, including their own fixes that protect users against the vulnerability.
Michael Furdyk, senior editor at MyDesktop.com, a resource site for Windows users, said that he first posted information on the vulnerability last Saturday. Furdyk said he has witnessed the WinNuke program being used to knock participants in Internet relay chat (IRC) groups off the Net.
"You can nuke anyone on the Internet who has Windows NT or 95," he said.
Furdyk said the bug also affects Windows 3.11 users, though he has not been able to successfully perform the same attack on Unix and Mac machines. If attacked using the "out of band" command, a Windows 3.11 will revert to DOS mode, he added.
Even though the vulnerability does not appear to leave PCs open to data theft, Microsoft said that it is taking it seriously.
"Any problem that can cause a system to hang is a serious problem," said Jonathan Roberts, director of product marketing for Microsoft's Windows team. "However isolated the incidents, we take all these things seriously."
Roberts added that the patch will also be included in service pack 3, a collection of software patches for Windows NT due out later this week.
Some users complained today that Microsoft has known about this vulnerability for some time and has been slow to prepare a patch for it. A Microsoft spokeswoman confirmed that the company has known about the vulnerability for a few weeks, but that it was not slow to act.
"Microsoft doesn't promote problems until they have solutions," the spokeswoman said. "While they have known about it for some time, they have been actively working on a fix."