May 19, 1997 6:15 PM PDT
Microsoft plugs Windows 95 hole
- Related Stories
Microsoft fixes Java bugMay 19, 1997
Hole in Windows 95, NT fixedMay 12, 1997
Another bug in ExplorerMay 8, 1997
Princeton team finds Java glitchApril 29, 1997
AOL preps Explorer patchApril 11, 1997
Security review stalls ExplorerMarch 31, 1997
MS to upgrade browser securityMarch 20, 1997
MS posts IE bug fixesMarch 10, 1997
Microsoft security flaws run deepMarch 6, 1997
Microsoft (MSFT) said that it will post a patch tomorrow that shields Windows 95 users against the "out of band" attack, a week after posting a similar patch for users of its Windows NT operating system.
But Microsoft's patch may not completely protect its operating systems from being bounced off the Net. According to several users who contacted CNET's NEWS.COM today, Microsoft's Windows NT patch does not shield users from attacks launched from Macintosh computers, though it does appear to prevent Unix and other Windows users from issuing out of band attacks.
In order to exploit the latest vulnerability, Web sites must send a special TCP/IP command known as out of band data to port 139 of a computer running Windows 95 or NT. Hackers could also target users' PCs through a program for Windows, Unix, and Macintosh now circulating on the Net called WinNuke. To crash a PC over the Net, a hacker simply types a user's Internet protocol address into WinNuke and then clicks the program's "nuke" button.
Michael Furdyk, senior editor at MyDesktop.com, a resource site for Windows users, said today that he has received email from more than two dozen Windows NT users who have been successfully nuked in Internet relay chat groups, where many out of band attacks have occurred, even though they have the Microsoft patch installed.
"People are confused about what's happening," Furdyk said.
A Microsoft spokeswoman today could not confirm whether NT users were still vulnerable to Mac attacks, and whether those users who install the Windows 95 patch would also be vulnerable. She also could not confirm whether users of Microsoft's older Windows 3.11 OS were also affected by the problem.
The patches for Windows NT versions 4.0 and 3.51 are available on Microsoft's Web site. Last Thursday, the company also posted a collection of software patches, called service pack 3, that contains the NT out of band fix.