May 19, 1997 6:15 PM PDT
Microsoft plugs Windows 95 hole
Microsoft (MSFT) said that it will post a patch tomorrow that shields Windows 95 users against the "out of band" attack, a week after posting a similar patch for users of its Windows NT operating system.
But Microsoft's patch may not completely protect its operating systems from being bounced off the Net. According to several users who contacted CNET's NEWS.COM today, Microsoft's Windows NT patch does not shield users from attacks launched from Macintosh computers, though it does appear to prevent Unix and other Windows users from issuing out of band attacks.
In order to exploit the latest vulnerability, Web sites must send a special TCP/IP command known as out of band data to port 139 of a computer running Windows 95 or NT. Hackers could also target users' PCs through a program for Windows, Unix, and Macintosh now circulating on the Net called WinNuke. To crash a PC over the Net, a hacker simply types a user's Internet protocol address into WinNuke and then clicks the program's "nuke" button.
Michael Furdyk, senior editor at MyDesktop.com, a resource site for Windows users, said today that he has received email from more than two dozen Windows NT users who have been successfully nuked in Internet relay chat groups, where many out of band attacks have occurred, even though they have the Microsoft patch installed.
"People are confused about what's happening," Furdyk said.
A Microsoft spokeswoman today could not confirm whether NT users were still vulnerable to Mac attacks, or whether users who install the Windows 95 patch would also be vulnerable. She also could not confirm whether users of Microsoft's older Windows 3.11 OS were affected by the problem.
The patches for Windows NT versions 4.0 and 3.51 are available on Microsoft's Web site. Last Thursday, the company also posted a collection of software patches, called service pack 3, that contains the NT out of band fix.