NT Server bug exposes user groups, users
By Scott Berinato

A bug in Microsoft Corp.'s NT Server 4.0 can expose a server's user groups
and users, according to tests done by PC Week Labs. 

The bug only affects NT servers set to default settings with no firewall
protection, a configuration rarely seen unless users are not concerned
with security. So while administrators ought to be concerned, simple
precautions can prevent the situation, PC Week Labs analysts said. 

[This is the same bug brought up six months before. This
is not a new issue at all. No research was done on this article
and the technical issues involved.]

However, on a Web page posted by "Vitali Chkliar," 10 companies are listed
as susceptible to the bug as of November 25. To prove the point, Chkliar
has links to the companies' hacked information. 

Chkliar also has two ASP (Active Server Pages) applications available at
the site that will expose any site under the base NT configuration without
a firewall. Users only need to know a server's IP address to learn the
server's group names. Given the IP address and a group name, a hacker
could pull user names from the server, according to the site. 

Chkliar could not be reached for comment. His site contains no e-mail
address or contact information and attempts to locate him have proven
unsuccessful. The Web page says that "It is also possible through lower
level API to get read, write access to the registry and folders of the
target computer, configured with default settings." 

[And not being able to contact him isn't suspicious?]

Karan Khanna, lead product manager for Windows NT security at Microsoft,
in Redmond, Wash., said this is not a security issue and that the function
Chkliar provides on his Web page is available through a base-level API. 

"What's happening is, whenever you configure a server, we tell people to
lock down the server appropriately so you can control the access to
server,"  Khanna said. "In this situation, you haven't locked out the
appropriate ports and haven't set the right access controls. We tell
customers exactly how to lock down the systems. If you do it, this is a

Khanna also said the API does not allow write access, but it will allow
read capabilities. 

"In Service Pack 4, we have a security configuration editor which allows
automatic lock-down of NT Server," he said. 

Service Pack 4 is available now from Microsoft at 

(For security considerations, Chkliar's Web site and the names of the
hacked companies have been omitted from this story.)