A lovely new bug in Windows NT Server 4.0 exposes users to attack if the system administrator hasn't enable certain obvious security settings. Most NT systems, however, are not vulnerable to this problem.
"What's happening is, whenever you configure a server, we tell people to lock down the server appropriately so you can control the access," said Karan Khanna, lead product manager for Windows NT security. "In this situation, you haven't locked out the appropriate ports and haven't set the right access controls. We tell customers exactly how to lock down the systems. If you do it, this is a non-issue. In Service Pack 4, we have a security configuration editor which allows automatic lock-down of NT Server.