Security Home > Windows 95, 98 & ME

Share Level Password Vulnerability

A security vulnerability in Microsoft® Windows 95, 98, 98SE, and Windows Me which could allow a malicious user to programmatically access a Windows 9x/Me file share without knowing the entire password assigned to that share.

Issue

Microsoft Windows 9x/Me provides a password protection feature referred to as (share level access) for the File and Print Sharing service. However, due to the way the password feature is currently implemented, a file share could be compromised, by a malicious user who used a special client utility, without that user knowing the entire password required to access that share. Only share level access permissions are vulnerable. If a Windows 9x or Windows Me machine were part of a Windows NT domain, user-level access controls could be enforced on file shares and passwords would not be needed to allow access to those shares. Windows NT and Windows 2000 machines can only be setup with user-level file share access controls and are not susceptible to this vulnerability.

Microsoft Windows 9x/Me provides a password protection feature referred to as (share level access) for the File and Print Sharing service. However, due to the way the password feature is currently implemented, a file share could be compromised, by a malicious user who used a special client utility, without that user knowing the entire password required to access that share. Only share level access permissions are vulnerable. If a Windows 9x or Windows Me machine were part of a Windows NT domain, user-level access controls could be enforced on file shares and passwords would not be needed to allow access to those shares. Windows NT and Windows 2000 machines can only be setup with user-level file share access controls and are not susceptible to this vulnerability.

Affected Products

  • Microsoft Windows 95, 98, 98SE and Me

Solution

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: October 10, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<