COMMAND

    plaintext passwords

SYSTEMS AFFECTED

    Win '95

PROBLEM

    A vulnerability exists in the way that network passwords are stored
    in memory by Microsoft Windows 95 systems. This vulnerability may
    allow unauthorised access to the plaintext password for the
    currently logged-in user. Although the password is encrypted before
    it is sent over a network, it is stored unencrypted in the system's
    memory. Access to the password for the currently logged-in user is
    possible through careful examination of memory structures. It is
    possible to develop a program to simplify this attack.

    To obtain the password currently stored in memory, a program must
    be executed on the system. This can be done either by gaining
    physical access to the computer or by misleading the user into
    executing the program. These actions must be performed while the
    network user is still logged in.

    The user can be misled into running a malicious program by
    downloading untrusted information from the Internet, or by some
    other means, such as embedding the malicious program in a macro
    contained in a file that gets executed when the file is opened by
    the user. This file may be sent to the user as an attachment to an
    electronic mail message.


SOLUTION

    Microsoft has released a security bulletin, containing patch
    information, addressing the vulnerability described here. This
    bulletin can be found on the security page of Microsoft's Web
    site at:

        http://www.microsoft.com/security/

    and is titled "Microsoft Windows 95 Update to Enhance Password
    Security".