A security expert has published instructions for exploiting a flaw in some builds of Windows 2000 Beta 3 that leaves users’ PCs wide open to hack attack.
In an e-mail circulated Monday, David Litchfield of security consultancy Arca Systems Inc. described a simple technique that would give an attacker full access to a susceptible machine via the software’s “autologin” feature.
Using Litchfield’s technique, an attacker gains access via Windows 2000’s built-in Telnet server, then uses a nbtstat command to find the autologin account user name. At that point, the intruder has complete control over the computer. To make matters worse, the Telnet server can be covertly activated by a simple Visual Basic script hidden in any HTML document.
Microsoft says it has known of the breach since it shipped Windows 2000 Beta 3 in April. The security hole will be fixed in the Release Candidate 2 build, which Microsoft could release next week.
The full story is online at www.zdnn.com.