Running Web Sites With Windows NT Risky - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:43 PM

Running Web Sites With Windows NT Risky

Hundreds of thousands of Web sites running Windows NT 4 remain -- and will remain -- at risk from attack via a vulnerability patched for other operating systems a month ago.

Hundreds of thousands of Web sites running Windows NT 4 remain -- and will remain -- at risk from attack via a vulnerability patched for other operating systems a month ago, a U.S.-based security firm and a British-based Web monitoring vendor said Thursday.

The bug in a key Windows protocol, Server Message Block (SMB), was patched for Windows XP, Windows Server 2003, and Windows 2000 in February, but because NT 4 had reached the end of its support lifecycle December 31, 2004, no public fix was issued by Microsoft.

Microsoft does provide security patches for NT 4.0 customers who pay for custom support, a service available through the end of 2006.

However, that leaves a large number of Web sites vulnerable to hacks based on the SMB vulnerability, said Netcraft, a U.K.-based Web metrics and monitoring firm. According to Netcraft's most recent Web server survey, about 1.1 percent of Web-facing hostnames, or approximately 680,000, run on Windows NT 4.

Thousands of those hostnames, said Netcraft, are on SSL-enabled sites which may be conducting e-commerce, and thus particularly attractive to hackers.

"If your organization is unlucky enough to still have Windows NT 4.0 systems (most do) and you're not able to pay for extended support then you do not have a whole lot of options," wrote Marc Maiffret, the chief hacking officer at eEye Digital Security, in a message to the Bugtraq security mailing list.

Maiffret suggested a workaround that might mitigate some potential attacks. "...enable SMB signing. This does not truly mitigate the attack but instead it creates change in the SMB protocol that most attack tools I have seen do not support. Therefore it breaks them from being able to successfully exploit remote systems."

More information on how to turn on SMB signing can be found on Microsoft's Web site.

For its part, Microsoft has been aggressively pushing NT 4 customers to migrate to Windows Server 2003. In the February security bulletin on the SMB vulnerability, for instance, Microsoft stated, "It should be a priority for customers who have these [NT] operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities."

In later December 2004, as Microsoft was announcing a year extension of its custom support for NT 4, one of its executives was even more blunt.

"Windows NT Server 4.0 was developed before the era of sophisticated Internet based attacks," said Peter Houston, the senior director of the Windows serviceability group, in a statement. "It has reached the point of architectural obsolescence. It would be irresponsible to convey a false sense of security by extending public support for this server product."

SMB is used by Windows to share files, printers, and serial ports, and to communicate between computers, particularly between servers and client desktops. The vulnerability disclosed last month could allow a hacker to take complete control of the targeted system by sending it a specially-crafted SMB packet.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll