Since a good many people run Windows NT/95/98 Workstations and Servers, I
thought that this would be good to pass along to the group.
If you don't use these OSes at all - please disregard this message and
accept my apologies for the waste of bandwidth - but it seems that most, if
not all of you have at least one of these machines in your shops.
Best,
Joe
-----Original Message-----
From: Microsoft Product Security Notification Service On Behalf Of
Microsoft Product Security Response Team
Sent: Wednesday, August 05, 1998 11:21 AM
To: [log in to unmask]
Subject: Microsoft Security Bulletin (MS98-010)
Microsoft Security Bulletin (MS98-010)
------------------------------------------------------------------------
Information on the BackOrifice Program
Last Revision: August 04, 1998
Summary
=======
On July 21, a self-described hacker group known as the Cult of the Dead Cow
released a tool called BackOrifice, and suggested that Windows users were
at risk from unauthorized attacks. Microsoft takes security seriously, and
has issued this bulletin to advise customers that Windows 95(r) and Windows
98(r) users following safe computing practices are not at risk and Windows
NT(r) users are not threatened in any way by this tool.
The Claims About BackOrifice
============================
According to its creators, BackOrifice is "a self-contained,
self-installing utility which allows the user to control and monitor
computers running the Windows operating system over a network". The
authors claim that the program can be used to remotely control a Windows
computer, read everything that the user types at the keyboard, capture
images that are displayed on the monitor, upload and download files
remotely, and redirect information to a remote internet site.
The Truth About BackOrifice
===========================
BackOrifice does not expose or exploit any security issue with the Windows
platform or the BackOffice(r) suite of products.
BackOrifice does not compromise the security of a Windows network.
Instead, it relies on the user to install it and, once installed, has only
the rights and privileges that the user has on the computer.
For a BackOrifice attack to succeed, a chain of very specific events must
happen:
- The user must deliberately install, or be tricked into
  installing the program
- The attacker must know the user's IP address
- The attacker must be able to directly address the user's
  computer; e.g., there must not be a firewall between the
  attacker and the user.
What Does This Mean for Customers Running Windows 95 and Windows 98?
====================================================================
BackOrifice is unlikely to pose a threat to the vast majority of Windows
95 or Windows 98 users, especially those who follow safe internet computing
practices. Windows 95 and Windows 98 offer a set of security features that
will in general allow users to safely use their computers at home or on the
Internet. Like any other program, BackOrifice must be installed before it
can run. Clearly, users should prevent this installation by following good
practices like not downloading unsigned executables, and by insulating
themselves from direct connection to the Internet with Proxy Servers and/or
firewalls wherever possible.
What Does This Mean For Customers Running Windows NT?
=====================================================
There is no threat to Windows NT Workstation or Windows NT Server
customers; the program does not run on the Windows NT platform.
BackOrifice's authors don't claim that their product poses any threat to
Windows NT.
What Customers Should do
========================
Customers do not need to take any special precautions against this program.
However, customers should ensure that they follow all of the normal
precautions regarding safe computing:
- Customers should not install or run software from
  unknown sources -- this applies to both software available
  on the Internet and sent via e-mail. Reputable software
  vendors digitally sign their software to verify its authenticity
  and safety.
- Corporate administrators can block software that is not digitally
  signed by a reputable or authorized software company at their proxy
  server and/or firewall.
- Customers should keep their software up to date to ensure that
  hackers cannot take advantage of known issues.
- Companies should actively use auditing and monitor their
  network usage to deter and prevent insider attacks.
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin 98-010, Information on the
  BackOrifice Program (the Web posted version of this
  bulletin),
  http://www.microsoft.com/security/bulletins/ms98-010.htm
Revisions
=========
August 04, 1998: Bulletin Created
For additional security-related information about Microsoft
products, please visit http://www.microsoft.com/security
------------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION
OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.
(c) 1998 Microsoft and/or its suppliers. All rights reserved.
For Terms of Use see
http://support.microsoft.com/support/misc/cpyright.asp.
=====================================================
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to [log in to unmask]
The subject line and message body are not used in processing the request,
and can be anything you like.
For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/security/bulletin.htm. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.