Microsoft fills NT 4.0 security hole

Microsoft Corp. has plugged the “Named Pipes over RPC” security flaw, the first hole sprung by Windows NT 4.0 since the release of the company’s latest pack of fixes, Service Pack 4.

The hole allowed hackers to provoke a denial-of-service attack on an NT 4.0 system by opening multiple named pipe connections to Remote Procedure Call (RPC) services and sending random data.

The security breach was discovered and reported to Microsoft by Mnemonix, an information security specialist and self-described NT hacker who works for a company in the United Kingdom. It affects Windows NT Server and Workstation, both the standard and Enterprise editions, as well as Windows Terminal Server.

Microsoft security engineers said a hacker could exploit the way NT 4.0 deals with invalidly named pipe RPC connections. Although different system services could be hacked, two of the services typically targeted are the SPOOLSS and LSASS system service processes, according to Microsoft officials.

“When the RPC service attempts to close the invalid connections, the service consumes all CPU resources and memory use grows considerably, which may result in the system hanging,” Microsoft said in a statement on its Security Advisor Web site. “This is a denial of service vulnerability only; there is no risk of compromise or loss of data from the attacked system.”

Late in November, Microsoft posted a Knowledge Base article about the security hole to its Web site (www.microsoft.com), along with patches for all of the systems affected except for Terminal Server. That fix will be posted as soon as it is available, officials said.

However, officials said the fixes, although fully supported, had not yet been regression tested and warned users against applying them unless their systems are specifically vulnerable to the attack.

Otherwise, Microsoft recommended that users wait for the next NT service pack, which will include a fully regression-tested version of the patch. Microsoft has not indicated when a fifth service pack for NT 4.0 will be released.

Service Pack 4 was released in mid-October. More than a year in the making, it includes year 2000 fixes, support for the euro currency, and an array of other patches, fixes and updates.

An explanation of the security flaw is posted at http://oliver.efri.hr/~crv/security/bugs/NT/lsass.html/.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now