Microsoft confirms Windows NT Hole
MS Confirms glitch which would allow users to gain access to sensitive data

The news comes just two days after Microsoft acknowledged that a feature in its Windows 98 operating system can be used to collect information on authors of electronic documents without their knowledge and vowed to fix the problem.

The Windows NT glitch is triggered by malicious software that allows a user to get into protected files on an NT system via the screensaver. When the screensaver launches, the malicious user can gain access to privileges that he or she shouldn't ordinarily be able to obtain, Microsoft confirmed. The bug was discovered by Cybermedia Software Private Limited of India.

Microsoft is working on a patch, which it will disseminate this week. The company will also issue a security alert to notify users about the problem, according to Scott Culp, security product manager for Microsoft.


Privacy in the computer industry has been much in the news of late. In addition to the Windows 98 privacy issue, Intel's Pentium III has been hit with ongoing protests over the security ID number on each chip.

"This vulnerability would allow someone to gain more privileges than they should have and do things they shouldn't be able to do," Culp said of the NT problem. However, to exploit the vulnerability, a hacker would have to be sitting at the workstation or server intended for the attack, a fairly rare situation.

"This primarily would affect workstations, but most people are already local administrators on their workstations," Culp said, so the issue would be moot. Because of this, and because the malicious software would have to be fairly sophisticated technically, Culp believes "it is not an easy attack to pull off."

"It requires a detailed understanding of the operating system--it's a highly technical attack. This isn't something that's easily put together." There have been no known instances of the hack to date, he added.

The bug affects Windows NT 4.0. Microsoft will purge the bug from the upcoming Windows 2000 operating system, Culp said. "We're still investigating all the affected versions."

"We're taking this very seriously. We take security very seriously in all cases," he said.


-- Stephanie Miles - 3/09/99