COMMAND

    SAM

SYSTEMS AFFECTED

    Win NT 4.0 (server and workstation)

PROBLEM

    There  has  been  a  lot  of  talking  about security flaws in SAM
    database.  Microsot finally provided  fix so this may be  solution
    to SAM #1 and SAM #2 on Security Bugware pages. There are now  two
    additional KB articles in the hot-fix directory:

        Q143474   (Anonymous Logon user)
        Q161372.  (SMB signing)

    The  Windows  NT  Server  4.0  System  Key  hotfix  provides   the
    capability  to  use  strong  encryption  techniques  to   increase
    protection of account password information stored in the  registry
    by the Security Account Manager  (SAM).  Windows NT Server  stores
    user  account  information,  including  a  derivative  of the user
    account password, in  a secure portion  of the Registry  protected
    by  access  control  and  an  obfuscation  function.  The  account
    information in the Registry is  only accessible to members of  the
    Administrators group.   Windows NT  Server, like  other  operating
    systems, allows privileged users who are administrators access  to
    all  resources  in  the  system.   For  installations  that   want
    enhanced  security,   strong  encryption   of  account    password
    derivative information  provides an  additional level  of security
    to prevent  Administrators from  intentionally or  unintentionally
    accessing   password   derivatives   using   Registry  programming
    interfaces.

    Microsoft has confirmed this to be a problem in Windows NT  Server
    version 4.0.

SOLUTION

    A  supported  fix  is  now  available,  but  has  not  been  fully
    regression-tested  and   should  be   applied  only   to   systems
    experiencing  this  specific  problem.   Unless  you  are severely
    impacted by this specific  problem, Microsoft recommends that  you
    wait for the  next Service Pack  that contains this  fix.  Contact
    Microsoft Technical Support for more information.

    You can obtain this Application Note from the following sources:

      http://www.microsoft.com/ntserversupport/
      ftp://ftp.microsoft.com/bussys/winnt-public/fixes/usa/nt4/hotfixes-postSP2/sec-fix/

    As David LeBlanc said, a couple of things to be aware of...

    1) THIS  THING INSTALLS  WITH NO  WARNING!   If you  just run this
       thinking  that  you  are  just  going  to  expand  the file, it
       INSTALLS itself, and then wants to reboot your machine.

    2) It fixes more  than it claims to  (which is a good  thing) - it
       also fixes  the problem  where misconfigured  samba packets can
       crash any NT 4.0 where a share can be attached.