WINDOWS 9X/ME PASSWORDS CRACKABLE IN ONE CHARACTER

Microsoft Windows peer-to-peer networking users are at risk of their shares (hard drives, floppies, CD-ROMs, removable media) being made available to unauthorized users even when passwords have been assigned.

Who is affected?

Small businesses, departmental workgroups, home networks, and Internet users who have enabled file and printer sharing.

What's the scope of the vulnerability?

This is a privacy compromise vulnerability. The vulnerability could potentially allow unauthorized access to a user's password protected file share through the use of a malicious client utility and knowing (or guessing) the first letter of the password assigned to the share.

What causes the vulnerability?

There is a flaw in the way the File and Print Sharing service implements password protection for a directory when that directory is shared over a network using share level access. The flaw could allow a malicious program to gain access to that share without knowing the complete password.

What would this vulnerability allow a malicious user to do?

If a malicious user could exploit this vulnerability, they would be able to retrieve, modify, or delete any file within that share.

Microsoft has released a patch that repairs the immediate bug; however, users should consider implementing a separate file and print server on which data files are stored, thereby freeing individual hard disks from the burden and additional overhead of sharing files. I have installed Linux file/print servers in corporate networks for less than the cost of a standard workstation. Linux, like Novell NetWare, ensures secure file services with access rights grantable to both individuals and groups.
References

Microsoft Security Bulletin (MS00-072): http://www.microsoft.com/technet/security/bulletin/ms00-072.asp
Message Center: http://itrain.org/msg/

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
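Added example, not part of the original message and not Microsoft's code: the message does not describe the mechanism, so this sketch assumes the check compares only as many bytes as the client supplies, which is one way a first-character match could be accepted. The function names and the sample password are hypothetical; the second function shows the corrected check for comparison.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED flaw class: the comparison length comes from the client,
 * so a one-byte prefix of the stored password is accepted. */
int check_share_password_flawed(const char *stored,
                                const char *supplied, size_t supplied_len)
{
    /* Bounds guard keeps this example free of out-of-range reads. */
    if (supplied_len == 0 || supplied_len > strlen(stored))
        return 0;
    return memcmp(stored, supplied, supplied_len) == 0;
}

/* Corrected check: the lengths must match exactly, and every byte is
 * compared without an early exit so timing does not reveal how many
 * leading characters were right. */
int check_share_password_fixed(const char *stored,
                               const char *supplied, size_t supplied_len)
{
    size_t stored_len = strlen(stored);
    unsigned char diff = 0;

    if (supplied_len != stored_len)
        return 0;
    for (size_t i = 0; i < stored_len; i++)
        diff |= (unsigned char)(stored[i] ^ supplied[i]);
    return diff == 0;
}

int main(void)
{
    const char *stored = "SECRET";   /* constructed sample password */

    printf("flawed, \"S\":      %d\n",
           check_share_password_flawed(stored, "S", 1));
    printf("fixed,  \"S\":      %d\n",
           check_share_password_fixed(stored, "S", 1));
    printf("fixed,  \"SECRET\": %d\n",
           check_share_password_fixed(stored, "SECRET", 6));
    return 0;
}
```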
