Windows NT vulnerable to hackers: study

Hackers can squeeze through 106 holes in Windows NT to cause critical damage to an organisation's information systems, according to an information and Internet security company.

Shake Communications, which conducts an ongoing study of computing technology, said most of the holes are found in all versions of Windows NT (3.5, 3.51 and 4). Some apply to one or two of the versions and others appear where an application is running on Windows NT, Shake officials claimed.

These findings form part of Shake's study into vulnerabilities in popular hardware, operating systems, applications and programming languages.

According to Shake officials, hackers can penetrate Windows NT, then copy, change and delete files and crash the network. Examples of the havoc hackers can cause include: sending spoofed packets to multiple ports where source and destination settings are the same, causing a system crash; using their own programs such as NtAddAtom to exploit holes and crash Windows NT; finding holes in Windows NT that allow unauthorised local users to access systems such as payroll; and accessing the alerter and messenger services, causing them to send fake messages which could dupe legitimate users into revealing their passwords.

Even where a domain user has created a file and removed all permissions on it, a hacker can delete it.

Some of the holes in Windows NT cannot be plugged at present, Shake officials said. Others can only be guarded by physical security measures, such as locking the Windows NT server in a room. However, Microsoft does provide software patches and fixes on its Web site to rectify many of the vulnerabilities.

Simon Johnson, technical director of Shake Communications, said: "Windows NT is seen as being secure. Many IT managers don't know of the vulnerabilities that exist in Windows NT."

A lot of IT managers who buy off the shelf fail to register with Microsoft and do not become aware of security issues pertaining to the system, Johnson said.

He said Microsoft does not tend to be proactive in issuing fixes, tending to release them only after hackers cause a significant incident.