Hacker attacks Win 95 and Win NT machines
by Christine Burns
FRAMINGHAM -- An unknown hacker recently left thousands of Windows 95 and NT machines temporarily disabled at universities and military facilities across the US.
The perpetrator's weapon was an automated version of an existing denial-of-service attack called TearDrop. TearDrop crashes Windows 95 desktops and NT 4.0 workstations and servers by firing malformed TCP/IP-based User Datagram Protocol (UDP) packets at them. Unlike Unix machines, which discard corrupted UDP packets, NT and Windows 95 boxes get "gummed up" trying to diagnose them.
Victims and NT security experts said this new attack, dubbed TearDrop II, is more dangerous than its predecessor because the perpetrator has discovered a way to fire corrupt UDP packets at thousands of NT boxes at once. TearDrop attacked the boxes one at a time.
In one university computer lab, about 145 of the 160 NT 4.0 workstations crashed as the result of attacks over two nights.
In addition to crashing Windows machines, the attack also bruised Microsoft's reputation, said Jeff Schiller, director of Massachusetts Institute of Technology's Network Services. "The only reason the hacker could pull this off was a flaw in Windows. That's more well-known now than it was," Schiller said.
Microsoft issued a patch for TearDrop in January, when reports of attacks on single machines surfaced. This patch is available at www.microsoft.com.
Microsoft officials downplayed the TearDrop II attacks.
Microsoft enlists FileNet
SAN MATEO -- Microsoft and FileNet last week outlined a strategic initiative to make Windows NT and Windows development tools align more closely with existing document-management systems, which have traditionally been the domain of Unix platforms and tools.
The two companies will announce Windows-oriented tools and platforms for document and knowledge-management, along with a marketing, training, and support initiative.
FileNet recently debuted its Panagon line of Windows and Web-based document-management offerings.
by IDG staff
The NT bug report
SAN MATEO -- Microsoft has released a hot-fix for NT 4.0 that prevents a denial-of-service attack triggered by a Server Message Block (SMB) logon request in which the size of the data listed with the SMB request doesn't match the actual data size. Such a request causes the server to hang.
The hot-fix can be found at ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/srvfix.
Microsoft has also released a hot-fix for problems with using TAPI 2.1 in NT 4.0, including data loss when using Remote TSP and an access violation when calling agent functions. The hot-fix is at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/tapi21-fix.