Yet another bug has been discovered in Windows NT and this one looks pretty serious: This one allows any ordinary user that is aware of the flaw to impersonate the systems administrator. Once you have this ability, your options are endless, as you have complete control of the system. This bug affects non-Domain Controllers running Windows NT Server 3.51 and 4.0.
"It's a pretty big problem," said Mark Edwards, a security consultant that runs the NT Security Web site. "Even though it's a local attack, it's probably one of the top five or six bugs \[ever found in Windows NT\]."
Microsoft acknowledged that the problem was confined to people with physical (not remote) access to an NT server.
"Somebody can use this program if they have physical access local log-on rights," said Karan Khannan, a product manager on the NT security team at Microsoft. "Once they have this, they can get elevated privileges."
Microsoft is planning to release a patch for the bug by the time you get this: Check its Security Advisor Web site for details