Microsoft has admitted that clients on its networks can be crashed by remote and intranet users because of a problem with the TCP/IP stack for both NT and Windows 95. And although Microsoft has posted a fix for NT version 3.5x and 4.0, it is still working on producing a solution for Windows 95 based networks, meaning such systems are vulnerable to attacks from inside and outside.
According to researchers at the Web site http://www.ba.be/security, a problem with Microsoft Netbios is to blame. The person who owns the site, who declined to be named, said: ?If you commit to the Netbios port, Windows 95 blows up the network, Windows for Workgroup exits Windows and Windows NT crashes.?
Microsoft has posted what it claims is a fix to the Windows-wide problem on its site but that may not be sufficient for network administrators, he claimed.
The problem centres around out-of-bound data on ports allocated to Netbios, he said. ?It?s very easy to use a program called Win Nuke to crash every machine on an intranet that uses Netbios. System administrators should close off the Netbios port to prevent the problem.? He claimed that every Microsoft network was in danger, even those accessed using dial-up.
He called Microsoft?s fix ?quick and dirty? and said: ?They claim to have a fix for NT versions 3.5x and 4.0 but are still working on Windows 95. There have been problems with Netbios before.?
David Bridger, NT server product manager at Microsoft UK, admitted there is a problem. He said the problem was not at the Netbios level but with the TCP/IP stack. He said: ?A hacker with detailed knowledge of the TCP/IP protocol can send an out-of-bound packet to specify a port and create a denial of service error. The impact on the client is to hang their systems.?
He said that did not matter too much for people using applications like Office 97 which had auto-recovery built in, because even if the system crashed their data would be safe.
?This is a problem we want to fix. We were going to include it in Server Pack 3.0 for NT, out next week, but instead we?re posting it now.? The fix for NT, he said, is now available at the Microsoft site.
But Bridger insisted that despite this latest, and possibly severe problem, Microsoft continued to take security seriously. ?We posted this fix immediately because all related issues are serious. There will always be people trying to find their way around NT and Unix.? The program Win Nuke, he said, was designed by its developer to try and crash Windows.
He said that, as far as he was aware, Windows for Workgroups was not affected by the problem. He was unable to say when a fix for Windows 95 would be ready nor could he say whether other, non-Microsoft TCP/IP stacks, were vulnerable to attack.
New regulation expected to cut greenhouse gas emissions by about 17 million metric tonnes between 2020 and 2050
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime