Microsoft, Novell patch OS problems

In the case of Novell, the network software maker released an update for its NetWare 5.0 operating system in early February to add new functions only to find that the update created a data synchronization problem within the company's directory service, known as NDS.

Novell executives recommend users upgrade to a new "1A" version of its Support Pack, even though the company notes that the "synchronization issue is both rare and may take considerable time before manifesting itself."

A company executive said fewer than five customers experienced issues with the synchronization flaw.

The updated support pack is available for download on the company's Web site.

In Redmond, Washington, software giant Microsoft has issued a bulletin concerning an exploit that could give a wayward user administrative privileges to a particular machine. The problem affects versions 3.5, 3.51, and 4.0 of the company's Windows NT operating system.

The so-called vulnerability was discovered by Lopht Heavy Industries. The organization dedicated to discovering vulnerabilities and building software could not be reached for comment.

Microsoft has developed a "workaround" that will change the default permissions on an NT machine. A software fix is currently being developed by the company.

The vulnerability occurs when the operating system caches various files during its set-up. During this process, local users could replace a certain DLL file, or Dynamic Link Library, with a malicious file that could allow them access to a machine they are not supposed to use. The issue is local in nature, meaning that a user has to interact with a certain machine to gain access to it.

The company said, "This vulnerability is primarily a concern for workstations and other systems that allow non-administrative users to interactively log on." More information is posted on the company's Web site.

Microsoft said a preventative mechanism has been available for this issue since May of last year as part of an NT 4.0 Resource Kit.