Microsoft Responses
All of these security enhancements are due to the availability and high
performance of the L0phtcrack and similar tools. We like to think that
we have played a major role in securing Windows NT since Microsoft only
seems to improve security after their weaknesses are publicly
demonstrated.
We think Microsoft might have finally fixed the problem due to LANMAN
hashes travelling over the network with SP4, but we have not tested this
yet. Up to SP4, even all-NT networks have been vulnerable to LANMAN hashes
being sniffed. Of course, networks with Win95 on them are still
vulnerable.
In the fall of 1997 Microsoft released a post-SP3 HotFix to protect
NT machines from divulging their LANMAN password hash over the network,
the so-called LM-FIX. The problem was that this fix broke DCOM among
other things and was subsequently pulled. So your NT network has been
vulnerable to this problem until SP4. We will be researching SP4's
NTLMv2 over the coming weeks and will publish our findings.