Microsoft KB Archive/168115

= Malicious user with physical access to a computer can acquire cached domain password =

Article ID: 168115

Article Last Modified on 1/19/2007

-

APPLIES TO


 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 95
 * Microsoft Windows 95
 * Microsoft Windows 95

-



This article was previously published under Q168115



This information does not apply to Microsoft Windows 98 Second Edition.



SYMPTOMS
If your computer runs Windows 95 or Windows 98 for use as a network workstation, it may be possible for a malicious user to acquire your network password. This attack would require that the malicious user have physical access to your computer at some point after you log on to a server or domain, but before the machine had been rebooted. While a program can be used to read the cached password, doing so requires physical access to your computer when it is not protected by a screen saver password and you must be running the Microsoft Client for Microsoft Networks.



RESOLUTION
If you are running Windows 98:

The following file is available for download from the Microsoft Download Center:

Download 168115us8.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

If you are running Windows 95 or Windows 95 OEM Service Release versions 1, 2, 2.1, or 2.5:

The following file is available for download from the Microsoft Download Center:

Download 168115us5.exe now

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



MORE INFORMATION
For more information about issues resolved by updates to thesecomponents, click the following article numbers to view the articles in the Microsoft Knowledge Base:

178824 Error message: Your password is too short

175051 Windows 95 roaming profiles do not work

176543 Windows 95 client is unable to receive roaming profiles

For more information about Windows 95 updates, click the following article number to view the article in the Microsoft Knowledge Base:

161020 Implementing Windows 95 updates

For related information on this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/Bulletin/MS99-052.mspx

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/

For more information about Windows 98 and Windows 98 Second Edition hotfixes, click the following article number to view the article in the Microsoft Knowledge Base:

206071 General information about Windows 98 and Windows 98 Second Edition hotfixes

Additional query words: 98 95 Patch Available for "Legacy Credential Caching" Vulnerability

Keywords: kbdownload kbgraphxlinkcritical kbqfe kbenv kbprb kbhotfixserver KB168115

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.