Separate security loopholes recently uncovered in Windows NT and in Internet-based e-mail clients from Microsoft and Netscape Communications could provide hackers with access to users' computers and resources.
The Window NT loophole -- known as a "privilege elevation attack" -- is enabled via a program called sechole.exe, written by Prasdad Dabak, Sandeep Phadke and Milind Borate, a group of programmers based in India.
Posted to the Internet last week, the program enables non-administrative users who are logged on to the network locally to gain debug-level access on a system process. With such access, they are then able to run arbitrary code in the system security context and grant themselves local administrative privileges. The program does not work over a remote connection, thereby limiting attacks to users who have internal access privileges.
Microsoft posted a fix on Monday for Windows NT 4.0 Server and Workstation, both on X86 and Alpha platforms, on its Web site. A fix for Windows NT 4.0 Terminal Server Edition as well as fixes for 3.51 versions of NT will be posted "shortly," according to company officials. According to Dabak, the program also works on the beta version of NT 5.0. Microsoft officials were unavailable for comment about NT 5.0 On the e-mail front, researchers at Oulu University's Secure Programming Group in Finland have discovered a hole in Microsoft's and Netscape's (Nasdaq:NSCP) Internet-based mail applications through which malicious code can be launched. The breach affects users of Microsoft's Outlook Express 4.x and Outlook 98 as well as Netscape Mail Versions 4.05 and 4.5b1.
The malicious code needn't be contained in an e-mail attachment; rather, the tags that identify the attachment contain the code, according to Russ Cooper, owner and moderator of the NTBugtraq mailing list, which is dedicated to security breaches and bugs in NT and is operated out of Lindsay, Ontario. Outlook Express users and Outlook 98 users who are installed with an Internet Mail Only configuration or with an Internet Mail service in a corporate/workgroup configuration are at risk. They can be affected when malicious code is sent in a message and they highlight the name of an attachment, right mouse click on it and then move the mouse over the attachment, Cooper explained.
For Netscape Mail users, malicious code can be launched by simply highlighting the message -- without launching the attachment or opening the message -- and then accessing the File menu, Cooper said. "This is very dangerous. Any person sending you an e-mail could send a program and have it run on your computer. They could run code on your machine, and it would do anything you normally could do," said Cooper, who added that the code is not detected by a corporate firewall or gateway because "it's not abnormal ... it's not trying to do something that is not allowed by this protocol."
The solution: patches from Microsoft and Netscape.
For Netscape Mail users, a fix will be included in Communicator Version 4.06, which is due on August 7, according to officials. In the interim, Cooper said, Netscape Mail users should be wary of messages with attachments from unknown users. He recommends that users delete such messages and close the program directly with the "X" button rather than exiting the program through the File menu.
The Microsoft and Netscape e-mail holes were discovered in June by researchers at the Finland university