Win9x and Me Allow Access to Shares Without Password

 

Reported October 11, 2000 by Microsoft

VERSIONS AFFECTED
  • Windows 9x/ME

DESCRIPTION

Microsoft has released a security bulletin and patch that addresses a security issue that would allow a remote user to access file shares without knowing the complete password.

DEMONSTRATION

Windows 9x and Windows ME both allow users to set share level passwords.  By using a special utility, a malicious user could bypass the password and access the shares.  This does not affect user level password controls.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-0072.  A patch for Windows 98 is available at; http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE

A patch for Windows ME is available at; http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE

At this time a patch for Windows 95 is not available.

CREDIT
Discovered by
Nsfocus Security Team

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish