COMMAND
ntfsdos.exe
SYSTEMS AFFECTED
Win NT 3.5, 3.51, 4.0
PROBLEM
This vulnerability was originally presented on:
www.ntshop.com/security
and credit for this text goes to them.
The NT secured filesystem (NTFS) can be read from DOS/Windows/Windows
95, bypassing filesystem security. A hacker could boot an NT
system from a DOS floppy with ntfsdos.exe and read all
information on the hard disk.
An NTFS read-capable 'ntfsdos.exe' driver is publicly available
to locally mount an NTFS volume; a read/write version (v1.5) is
expected soon. This will allow a hacker to alter system
information.
The program, named NTFSDOS.EXE, can be used to read drives
formatted with NT's proprietary file system, NTFS. By placing
NTFSDOS.EXE on a DOS boot floppy and booting an NT machine with
it, a user can see password files, security features and
administration databases. (Previously, only NT itself could read
NTFS-formatted drives.)
Because NTFSDOS.EXE doesn't work through NT, it ignores user-based
permissions and allows anyone access to every byte on an NTFS
drive. Since NTFS doesn't normally encrypt data, unencrypted text
and data files are directly readable, even with something as simple
as the DOS TYPE command.
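The point above, as an added example that is not part of the original
advisory and is not NTFSDOS code: a Python parser that reads one MFT
record from raw volume bytes, where the file's security descriptor is
just another attribute stored beside the plaintext data. The volume
image, the placeholder security descriptor and the file content are
constructed; update-sequence fixups and non-resident data are assumed
absent.

```python
import struct

ATTR_SECURITY_DESCRIPTOR = 0x50  # per-file ACL attribute
ATTR_DATA = 0x80                 # file contents
ATTR_END = 0xFFFFFFFF            # end-of-attributes marker

def build_sample_volume():
    """Constructed 2 KiB image: boot sector plus one MFT record."""
    boot = bytearray(512)
    boot[3:11] = b"NTFS    "                     # OEM ID
    struct.pack_into("<HB", boot, 0x0B, 512, 1)  # bytes/sector, sectors/cluster
    struct.pack_into("<Q", boot, 0x30, 2)        # MFT starts at cluster 2
    rec = bytearray(1024)
    rec[0:4] = b"FILE"                           # MFT record signature
    off = 0x38
    struct.pack_into("<H", rec, 0x14, off)       # offset of first attribute
    for atype, body in ((ATTR_SECURITY_DESCRIPTOR, b"SD-PLACEHOLDER: admins only"),
                        (ATTR_DATA, b"payroll: alice 52000")):
        length = (0x18 + len(body) + 7) & ~7     # header + content, 8-byte aligned
        struct.pack_into("<IIB", rec, off, atype, length, 0)  # 0 = resident
        struct.pack_into("<IH", rec, off + 0x10, len(body), 0x18)
        rec[off + 0x18:off + 0x18 + len(body)] = body
        off += length
    struct.pack_into("<I", rec, off, ATTR_END)
    return bytes(boot) + bytes(512) + bytes(rec)

def read_resident_attributes(volume):
    """Return {attribute type: content} for MFT record 0 from raw bytes."""
    if volume[3:11] != b"NTFS    ":
        raise ValueError("not an NTFS boot sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", volume, 0x0B)
    (mft_cluster,) = struct.unpack_from("<Q", volume, 0x30)
    rec = mft_cluster * sectors_per_cluster * bytes_per_sector
    if volume[rec:rec + 4] != b"FILE":
        raise ValueError("MFT record signature missing")
    off = rec + struct.unpack_from("<H", volume, rec + 0x14)[0]
    found = {}
    while True:
        atype, length, nonresident = struct.unpack_from("<IIB", volume, off)
        if atype == ATTR_END or length == 0:
            break
        if not nonresident:
            size, start = struct.unpack_from("<IH", volume, off + 0x10)
            found[atype] = volume[off + start:off + start + size]
        off += length
    return found  # the ACL is returned as data; nothing here consults it
```

Because nothing on disk gates the read, the controls under SOLUTION
work by keeping a foreign operating system from booting at all.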
SOLUTION
Disallow access to floppy disk until needed, monitor the NT
systems with Systems Management Server, use the system's BIOS
password protection, and disable floppy booting.