From best-of-security-request@suburbia.net Thu Sep 26 11:41:34 1996
Return-Path:
Delivered-To: route@infonexus.com
Received: (qmail-queue invoked from smtpd); 26 Sep 1996 11:41:32 -0000
Received: from mail6.netcom.com (HELO mail6) (root@192.100.81.142)
  by onyx.infonexus.com with SMTP; 26 Sep 1996 11:41:31 -0000
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
  by mail6 (8.6.13/Netcom) id EAA13367; Thu, 26 Sep 1996 04:38:17 -0700
Received: from suburbia.net (suburbia.net [203.4.184.1])
  by pdx1.world.net (8.7.5/8.7.3) with ESMTP id EAA00399; Thu, 26 Sep 1996 04:37:36 -0700 (PDT)
Received: (list@localhost) by suburbia.net (8.7.4/Proff-950810) id QAA12252; Thu, 26 Sep 1996 16:45:28 +1000
Resent-Date: Thu, 26 Sep 1996 16:45:28 +1000
From: "Matthew Aldous"
Message-Id: <9609261509.ZM2572@discovery.mhri.edu.au>
Date: Thu, 26 Sep 1996 15:09:34 -0400
X-Files: The Truth Is Out There
X-Disclaimer: Comments contained do not necessarily represent those of my employer
X-Copyright: Portions of this message may be subject to copyright. (C) 1996 Matthew Aldous
X-Warning: Comments contained may be devoid of fact or truth.
X-URL: http://www.mhri.edu.au
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: meditation@gnu.ai.mit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Approved: proff@suburbia.net
Resent-Message-ID: <"sqoOK2.0.M_2.7QYIo"@suburbia>
Resent-From: best-of-security@suburbia.net
X-Mailing-List: archive/latest/413
X-Loop: best-of-security@suburbia.net
Precedence: list
Resent-Sender: best-of-security-request@suburbia.net
Subject: BoS: D:\support\deptools\I386\Rollback.exe
Status: RO

Subject: Warning! NT 4.0 utility wipes system configuration
From: wex@tinbergen.media.mit.edu (Graystreak)
Approved: proff@suburbia.net
Forwarded-by: Logan Sanders

NT users beware! Retail copies of both the Workstation and Server versions of Windows NT 4.0 shipped with an undocumented system-wiping utility.
The file Rollback.exe erases key components of the system registry, disabling the operating system. Microsoft Corp. officials say that once the file has been executed, the changes cannot be undone and require a complete reinstallation of the operating system.

At least one incident of accidental erasure has occurred and Microsoft is mulling over how to inform customers of the problem.

This undocumented feature could do the most damage to NT4.0 Server users because it erases critical-security and user-account information. Without an up-to-date backup, network administrators will have to recreate all of the users' account and password profiles.

Microsoft this week sent out an E-mail warning to its channel partners. It stated that after running the utility "the next thing the customer knows, they are staring at the set-up screen and are completely down."

Rollback.exe was designed to allow OEMs to test NT with their hardware and software configurations, and then return systems to their pre-installation state.

The file is located in the support\deptools\I386\ directory of the NT CD-ROM and is not installed on the system by default. But the lack of any online documentation or escape route once the program has begun has put curious users at risk.

Microsoft officials say that more than 150,000 copies of NT Server 4.0 have been sold since its release in late July. Microsoft has posted an entry in its online Knowledgebase, but has not determined how it will notify customers and OEMs.

--
-------------------------------------------------------------------------------
"System Administration: It's a dirty job, but someone said I had to do it."
Matthew Aldous : 019339629 : mda@mhri.edu.au : Mental Health Research Institute
-------------------------------------------------------------------------------