CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Microsoft posts Windows NT patch

The patch addresses a bug in the operating system that allows a malicious user to gain access to files via a flaw in the screensaver.

    Microsoft has released a patch for a Windows NT bug that allows users to gain access to privileged files by exploiting a flaw in the screensaver.

    Microsoft issued a security bulletin to its users on Friday night and made the patch available on its Web site.

    The Windows NT screensaver matches the security level of the user logged onto the machine, Microsoft explained, but does not check to make sure that the match is accurate. Theoretically, a malicious screensaver file could allow any user to log on as an administrator.

    The NT flaw is the latest in a long line of security issues that have beset the software maker.

    Microsoft admitted last week that its Windows 98 operating system had surreptitiously, and unintentionally, according to the company, been gathering user identification numbers during the Windows 98 registration process. Although Microsoft at first insisted that the numbers were only read by the Microsoft Web site, subsequently, the company confirmed that any Web site could gain access to the identification information.

    Microsoft's privacy woes come on the heels of Intel's battle with privacy advocacy groups over its decision to include a serial number on each Pentium III processor that can identify users during ecommerce transactions. Privacy groups fear that such a feature could allow marketers and hackers to share or steal information about users.

    The two types of machines at risk for this particular NT security bug are workstations and terminal servers that allow non-administrative users to interactively log on, or servers that allow remote users to execute programs. Windows NT 4.0 is affected by the problem.

    There are no known examples of machines that were hacked using this glitch, Microsoft said. Last week, Microsoft product manager Scott Culp said he believed any attack using this vulnerability was unlikely.

    "It requires a detailed understanding of the operating system--it's a highly technical attack. This isn't something that's easily put together," he said.

    The Windows NT bug was discovered by Cybermedia Software of India.