CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Microsoft issues fix for password glitch

The software giant issues a patch for a glitch in Windows NT that saved passwords without a user's knowledge.

Microsoft today issued a patch for a glitch in Windows NT that saved passwords without a user's knowledge.

Microsoft released the bug fix and alerted users of Windows NT Workstation 4.0, Windows NT Server 4.0, and Windows NT Server 4.0, Enterprise Edition, of its availability today in a security bulletin.

Securing sensitive user information has become an increasingly difficult task for the computer industry. Microsoft itself came under fire earlier this year when word came out that the software maker was gathering information without users' knowledge.

The vulnerability affects the Windows NT Remote Access Service (RAS) and Routing and Remote Access Service (RRAS). These tools help access remote servers from dial-up locations and offer users the option of saving their password.

Microsoft found that passwords were cached even when a user requested they not be cached. Under secure circumstances, only a system administrator and the user would have access to saved local information, including passwords. Additionally, Microsoft offers password encryption as a feature in its NT Service Packs.

However, even secure networks can be breached, which is why some users choose initially not to store their passwords.

There have been no reports of any users affected by the original problem, according to the company, which issued the patch in an effort to be "proactive."

Users of the affected platforms can get more information about the patch from Microsoft's Web site. Microsoft recommends users "evaluate the degree of risk that this vulnerability poses to their systems," before downloading it.