The tangled mess of Windows NT security problems got even more confusing this past week, when two major security bugs--one in Windows NT and one in Microsoft Email clients such as Outlook--were discovered. The NT bug, which was mentioned previously in WinInfo, involves what Microsoft calls a "privilege elevation attack," where a normal user on a network can gain administrative rights to the server, essentially giving him the ability to do anything. That bug has been patched with a hot-fix, which you can now find on the Microsoft FTP site. Fixes for Windows NT 4.0 Terminal Server Edition Windows NT 3.51 will be posted "shortly," Microsoft promises.
The Email client security bug, unfortunately, hasn't been fully addressed yet. The bug allows malicious hackers to crash systems via an Email message. Unlike most Email bugs, where an attachment of some sort needs to be executed by the user, the Microsoft Email client bug is more insidious: you can trigger it simply by making certain mouse operations in an Email message. The bug affects Outlook Express 4.0, Outlook 98, and the versions of Netscape Mail that ship with Communicator 4.05 and 4.5 Preview Release 1.
Microsoft has posted a description of the bug on its Security Web site. This includes a link to the fix for Outlook 98, but the current patch introduces some other bugs and doesn't fix all variants of the problem. Microsoft says it will post an updated fix by the end of the week. There is also a patch on this page for Outlook Express users.
Thanks to John Nuechterlein and Richard Hay for their contributions
