Windows NT 4.0 Does Not Delete Unattended Installation File

When an unattended installation of Microsoft® Windows NT® 4.0 completes, a copy of the file that contains installation parameters remains on the hard drive. Depending on the method that was used to perform the installation and the specific installation parameters that were selected, the file could contain sensitive information, potentially including the local Administrator password.

Issue

When an unattended installation of Windows NT 4.0 is performed, the installation parameters are included in a file named Unattend.txt. A vulnerability exists because the installation process copies the parameter file to a file in %windir%\system32 ($winnt$.inf for a normal unattended installation, or $nt4pre$.inf if Sysprep was used) but does not delete it when the installation completes. By default, this file can be read by any user who can perform an interactive logon. If sensitive information such as account passwords were provided in the installation parameters file, the information could be compromised.

Affected Products

• Windows NT Server, Enterprise, Terminal Server and Workstation 4.0

Solution

Customers performing unattended installations of Windows NT 4.0 should ensure that they either review the file and erase any sensitive information such as account information and passwords, or delete the file altogether.

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: September 10, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<