[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Patch Available for "Windows 2000 Telnet Client NTLM

Title: Patch Available for "Windows 2000 Telnet Client NTLM
Released by: MS
Date: 21st September 2000
Printable version: Click here 
-----BEGIN PGP SIGNED MESSAGE-----



Microsoft Security Bulletin (MS00-067)

- -------------------------------------



Re-release: Patch Available for "Windows 2000 Telnet Client NTLM

Authentication" Vulnerability



Originally posted: September 14, 2000

Re-Released: September 21, 2000



Summary

=======

On September 14, 2000, Microsoft released the original version of

this bulletin, which was revised the following day to advise of a

problem with the patch. On September 21, 2000, a new version of the

patch was released, and the bulletin was updated to advise of its

availability. Microsoft recommends that all customers, including

those who applied the original version of the patch, apply the new

version.



The patch eliminates a security vulnerability in the telnet client

that ships with Microsoft(r) Windows 2000. The vulnerability could,

under certain circumstances, allow a malicious user to obtain

cryptographically protected logon credentials from another user.



Frequently asked questions regarding this vulnerability and

the patch can be found at

http://www.microsoft.com/technet/security/bulletin/fq00-067.asp



Issue

=====

Windows 2000 includes a telnet client capable of using NTLM

authentication when connecting to a remote NTLM enabled telnet

server. A vulnerability exists because the client will, by default,

perform NTLM authentication when connecting to the remote telnet

server. This could allow a malicious user to obtain another user's

NTLM authentication credentials without the user's knowledge.



A malicious user could exploit this behavior by creating a

carefully-crafted HTML document that, when opened, could attempt to

initiate a Telnet session to a rogue telnet server - automatically

passing NTLM authentication credentials to the malicious server's

owner. The malicious user could then use an offline brute force

attack to derive the password or, with specialized tools, could

submit a variant of these credentials in an attempt to access

protected resources.



This vulnerability would only provide the malicious user with the

cryptographically protected NTLM authentication credentials of

another user. It would not, by itself, allow a malicious user to gain

control of another user's computer. In order to leverage the NTLM

credentials (or subsequently cracked password), the malicious user

would have to be able to remotely logon to the target system.

However, best practices dictate that remote logon services be blocked

at border devices, and if these practices were followed, they would

prevent an attacker from using the credentials to logon to the target

system. Best practices also strongly recommend that Windows 2000

users logon to their hosts with User level credentials, and if these

practices were followed, they would prevent a malicious user from

obtaining Administrator level NTLM credentials.



Affected Software Versions

==========================

 - Microsoft Windows 2000



Patch Availability

==================

 - Microsoft Windows 2000:

   http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24399



Note: Customers who applied the original version of the patch should

consider applying the current version.  The original version

eliminated the vulnerability; however, if a malicious user attempted

to exploit the vulnerability, the patch caused the Telnet client to

fail. The current version of the patch eliminates the vulnerability

without interfering with Telnet connections.



Note: This patch will also be included in the next Service Pack for

Windows 2000. It can be applied to computers with or without Service

Pack 1.



Note Additional security patches are available at the Microsoft

Download Center



More Information

================

Please see the following references for more information related to

this issue.

 - Frequently Asked Questions: Microsoft Security Bulletin MS00-067,

   http://www.microsoft.com/technet/security/bulletin/fq00-067.asp

 - Microsoft Knowledge Base (KB) article Q272743,

   http://www.microsoft.com/technet/support/kb.asp?ID=272743

 - Microsoft TechNet Security web site,

   http://www.microsoft.com/technet/security/default.asp



Obtaining Support on this Issue

===============================

This is a fully supported patch. Information on contacting Microsoft

Product Support Services is available at

http://support.microsoft.com/support/contact/default.asp.



Acknowledgments

===============

Microsoft thanks  DilDog of @Stake Inc. (www.atstake.com) for

reporting this issue to us and working with us to protect customers.



Revisions

=========

 - September 14, 2000: Bulletin Created.

 - September 15, 2000: Bulletin re-released to advise of problem with

patch.

 - September 21, 2000: Bulletin re-released to advise of availability

of new patch.



- -----------------------------------------------------------



THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED

"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL

WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT

SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY

DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,

CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF

MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION

OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO

THE FOREGOING LIMITATION MAY NOT APPLY.



September 21, 2000



(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.





-----BEGIN PGP SIGNATURE-----

Version: PGP Personal Privacy 6.5.3



iQEVAwUBOcrFn40ZSRQxA/UrAQH1LQf/WArnQCcxfpITGvcWtIoXrOAel3hUeq3C

DSOEr1OLp8N9iIaQgBY3c+TtrfJvFRaWZ0/OAp2Kceo+EtY+f7ZnqRpaOGCU/7uP

q4UxNaj6xV8qymr3jVKg/IKqneCy75MQZktApsjpQpNPp63256Tbw4aK2y/Xls/l

YsmBgR5VubzKNJT0t3TEDmVimUjwrT0JbtgOlzrTkUgeNWEugwKCfGnSN+rhEQy+

vHrf80esg0FKuFsv1X4hCr/t1oTt9XWlKdjqCABbVCwd9/equUji7qAAv9J1eV6O

WLn77dtvqg7YE5FvPkoZJDyPL9bboV10TDtj6m4cq/YEwQEToBMJVw==

=tjw+

-----END PGP SIGNATURE-----



   *******************************************************************

You have received  this e-mail bulletin as a result  of your registration

to  the   Microsoft  Product  Security  Notification   Service.  You  may

unsubscribe from this e-mail notification  service at any time by sending

an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM

The subject line and message body are not used in processing the request,

and can be anything you like.



To verify the digital signature on this bulletin, please download our PGP

key at http://www.microsoft.com/technet/security/notify.asp.



For  more  information on  the  Microsoft  Security Notification  Service

please  visit  http://www.microsoft.com/technet/security/notify.asp.  For

security-related information  about Microsoft products, please  visit the

Microsoft Security Advisor web site at http://www.microsoft.com/security.






(C) 1999-2000 All rights reserved.