COMMAND

    ntfsdos.exe

SYSTEMS AFFECTED

    Win NT 3.5, 3.51, 4.0

PROBLEM

    This vulnerability was originally presented at www.ntshop.com/security,
    and credit for this text goes to them.

    The NT secured filesystem (NTFS) can be read from DOS/Windows/Windows 95,
    bypassing filesystem security. A hacker could boot an NT system from a
    DOS floppy with ntfsdos.exe and read all information on the hard disk.
    A read-capable 'ntfsdos.exe' driver that mounts an NTFS volume locally
    is publicly available, and a read/write version (v1.5) is expected soon.
    This will allow a hacker to alter system information.

    The program, named NTFSDOS.EXE, can be used to read drives formatted
    with NT's proprietary file system, NTFS. By placing NTFSDOS.EXE on a DOS
    boot floppy and booting an NT machine with it, a user can see password
    files, security features and administration databases. (Previously,
    only NT itself could read NTFS-formatted drives.)

    Because NTFSDOS.EXE doesn't work through NT, it ignores user-based
    permissions and allows anyone access to every byte on an NTFS drive.
    Since NTFS doesn't normally encrypt data, unencrypted text and data
    files are directly readable, even with something as simple as the DOS
    TYPE command.

SOLUTION

    Disallow access to the floppy disk until needed, monitor the NT systems
    with Systems Management Server, use the system's BIOS password
    protection, and disable floppy booting.
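The PROBLEM section's point, that NTFS permissions are enforced by the running NT system and not by the on-disk format, shown as an added example (not part of the original advisory and not NTFSDOS code): a parser for the unencrypted NTFS boot sector locates the master file table with no credentials involved. The sample sector is constructed, and the function names are assumptions.

```python
import struct


def build_sample_boot_sector():
    """Constructed 512-byte NTFS boot sector (sample values, not from a real disk)."""
    bs = bytearray(512)
    bs[0:3] = b"\xeb\x52\x90"                      # x86 jump over the parameter block
    bs[3:11] = b"NTFS    "                         # OEM ID identifying the file system
    struct.pack_into("<HB", bs, 0x0B, 512, 8)      # bytes/sector, sectors/cluster
    bs[0x15] = 0xF8                                # media descriptor: fixed disk
    struct.pack_into("<Q", bs, 0x28, 2_097_151)    # total sectors in the volume
    struct.pack_into("<QQ", bs, 0x30, 4, 131_071)  # $MFT and $MFTMirr cluster numbers
    struct.pack_into("<b", bs, 0x40, -10)          # file record size: 2**10 bytes
    bs[0x1FE:0x200] = b"\x55\xaa"                  # boot sector signature
    return bytes(bs)


def parse_ntfs_boot_sector(sector):
    """Return volume geometry and the byte offset of the $MFT.

    Nothing here asks for a user name, password or ACL: the layout is
    self-describing, which is why any driver outside NT can follow it.
    """
    if len(sector) < 512 or sector[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("not a valid boot sector")
    if sector[3:11] != b"NTFS    ":
        raise ValueError("not an NTFS volume")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    total_sectors, mft_lcn, mirr_lcn = struct.unpack_from("<QQQ", sector, 0x28)
    (clusters_per_record,) = struct.unpack_from("<b", sector, 0x40)
    cluster_size = bytes_per_sector * sectors_per_cluster
    # A negative value encodes the record size as a power of two in bytes.
    if clusters_per_record > 0:
        record_size = clusters_per_record * cluster_size
    else:
        record_size = 1 << -clusters_per_record
    return {
        "cluster_size": cluster_size,
        "volume_bytes": total_sectors * bytes_per_sector,
        "mft_offset": mft_lcn * cluster_size,
        "mftmirr_offset": mirr_lcn * cluster_size,
        "record_size": record_size,
    }


if __name__ == "__main__":
    for key, value in parse_ntfs_boot_sector(build_sample_boot_sector()).items():
        print(f"{key:15} {value}")
```

Since the on-disk structures carry no access control of their own, the controls in the SOLUTION section work by keeping a foreign operating system from booting on the machine at all.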