Hole in Windows 95, NT fixed

Microsoft is patching a security glitch in Windows 95 and NT that could allow malicious Web servers to crash users' computers over the Internet.

3 min read
Microsoft (MSFT) says it is providing patches for a security glitch in its Windows NT and 95 operating systems that could allow malicious hackers to crash users' computers over the Internet.

According to several users who have contacted CNET's NEWS.COM, the glitch could leave PCs vulnerable to what are called "denial of service" attacks from a rogue Web site that would temporarily prevent users from using their computers.

The vulnerability is the second to hit Microsoft in the past two weeks and the latest in a lengthy series of glitches to affect its products over the past few months. Last week, the company issued a patch for a problem that affected users of its Internet Explorer and PowerPoint presentation software.

In order to exploit the latest vulnerability, a Web site needs to send a special TCP/IP command known as "out of band" data to port 139 to a computer running Windows 95 or NT. A hacker could also target users' PCs through a program for Windows, Unix, and Macintosh now circulating on the Net called WinNuke. To crash a PC over the Net, a hacker simply types a user's Internet protocol address into WinNuke and then clicks the program's "nuke" button.

Several Web sites, including one called MyDesktop.com, have posted information on the Windows glitch, including their own fixes that protect users against the vulnerability.

Michael Furdyk, senior editor at MyDesktop.com, a resource site for Windows users, said that he first posted information on the vulnerability last Saturday. Furdyk said he has witnessed the WinNuke program being used to knock participants in Internet relay chat (IRC) groups off the Net.

"You can nuke anyone on the Internet who has Windows NT or 95," he said.

Furdyk said the bug also affects Windows 3.11 users, though he has not been able to successfully perform the same attack on Unix and Mac machines. If attacked using the "out of band" command, a Windows 3.11 will revert to DOS mode, he added.

Even though the vulnerability does not appear to leave PCs open to data theft, Microsoft said that it is taking it seriously.

"Any problem that can cause a system to hang is a serious problem," said Jonathan Roberts, director of product marketing for Microsoft's Windows team. "However isolated the incidents, we take all these things seriously."

Microsoft posted patches for Windows NT versions 4.0 and 3.51 around 2 p.m. PT today, Roberts said. The company will release a patch for Windows 95 within the next few days.

Roberts added that the patch will also be included in service pack 3, a collection of software patches for Windows NT due out later this week.

Some users complained today that Microsoft has known about this vulnerability for some time and has been slow to prepare a patch for it. A Microsoft spokeswoman confirmed that the company has known about the vulnerability for a few weeks, but that it was not slow to act.

"Microsoft doesn't promote problems until they have solutions," the spokeswoman said. "While they have known about it for some time, they have been actively working on a fix."