July 9, 1997 4:15 PM PDT
MS posts GetAdmin fix for NT
The tool, called GetAdmin, only works on Windows NT 4.0 machines and does not affect previous versions of the popular operating system. The fix is available at Microsoft's Web site.
"This is not the sort of problem that would come up during normal usage," according to Mike Nash, director of marketing for Windows NT Server and infrastructure products.
In the aftermath of the initial fix being posted, several emails were sent to CNET's NEWS.COM indicating that the patch does not completely fix the problem. A Web site dedicated to Windows NT security issues also warns readers that GetAdmin can still work with the fix in place.
The tool has been the subject of discussion in numerous online newsgroups and security lists in recent days. Built by a Russian developer and available on Internet newsgroups, it exploits a bug in Windows NT that allows a user to add themselves to the local administrator's group account.
With the growing popularity of the operating system, Windows NT has been the subject of increasingly frequent attacks from hackers looking to poke holes in a platform that is gaining rapid acceptance in mission-critical network environments.
Microsoft officials suggest that any user who is not certain about the physical security of their machine should download the patch as a precaution. Particularly in the case of Windows NT Server, however, machines are often locked in a central office or closet with security procedures in place, minimizing the need for the patch.
Users who take advantage of the tool must also already have log-in rights to a machine, which means that a certain level of trust has already been established with the user. For instance, an administrator is unlikely to hand out log-in rights to an NT Server domain controller machine.
Nevertheless, local access to a Windows NT Workstation machine would allow an unwanted user to manipulate private files and access potentially sensitive data.