Windows NT BugTraq Mailing List
In the tradition of Aleph One's BugTraq mailing list, this list
has been created to invite the free and open discussion of
Windows NT Security Exploits/Bugs or *SEBs* as I call them. This
list is not intended to be a forum to discuss "how to" issues, but
instead should be used to report reproducible SEBs which you have
personally encountered with Windows NT or its related BackOffice
Q:What is a SEB?
A:Anything that can be done to a Windows NT installation via a
remote connection (network or RAS) or through the local
installation of commercial software which causes Windows NT to
react in anything but an expected fashion. So telnet to TCP port
135 and typing 15 characters thereby causing the Windows NT CPU
to go to 100% utilization would be an acceptable topic. Sitting
at a console logged in as Administrator and removing the
Administrator's file permissions on the %systemroot%\system32
would not be considered an acceptable topic.
- Discuss SEB resolution or workaround.
- Discuss SEBs in third-party Windows NT products, providing that
the product is designed for BackOffice.
- Discuss Macintosh, Netware, or Samba/Unix-related SEBs assuming
that the SEB is related to Windows NT involvement.
- Discuss Windows '95, unless, and only if, the Windows NT SEB
can only be reproduced with a Windows '95 client.
- Discuss Windows for Workgroups or Windows 3.x, for any reason.
- Discuss products to enhance security, unless they have been
proven to resolve an outstanding SEB.
- Discuss Unix SEBs, these should be addressed to
ORG (subscribe through LISTSERV @
- Discuss general Windows NT Security, how to, what to, why to,
type questions. The NTSecurity @
net list (subscribe through
NET) would be a better forum to discuss these
Vendor involvement in the list is not discouraged, but I would
ask that you not use this forum as a method of advertising the
value of your products. If a SEB shows a weakness in Windows NT
design, and your product can resolve that weakness, a short note
indicating TECHNICALLY how your product addresses the issue would
be consider appropriate. If you don't address the issue in a
technical fashion your subscription will be revoked.
Now after reading all of this you'll probably wonder why I'm
being so restrictive. For one, I want to keep the volume low, as
low as possible. I want to keep the content as pertinent as I
possibly can so that the list becomes a useful tool for everyone
using Windows NT. If the list can remain on topic, people will
post SEBs here first, and we will all have an opportunity to
address the issues in a way best suited to our environments.
I would also make a couple of recommendations to you prior to you
posting a security exploit/bug.
1. Don't post SEBs unless you have been able to reproduce it. If
the subscriber base grows as I expect it will, posting such
messages may cause many people to waste valuable time trying
to reproduce something which is not there.
2. When posting a SEB, make sure you include enough relevant
information about your configuration to make it possible to
reproduce your scenario. Versions of the relevant software,
service pack levels of your system, platform, and any
configuration information which might affect the issue. By
doing this you will prevent a lot of messages asking you the
basic questions and make resolution or workaround that much
3. When posting a resolution or workaround, if you have received
a Microsoft Knowledgebase Article number (a Q#####), please
post it with your message so everyone can read it if they want.
4. Remember your Non-Disclosure Agreements. Issues pertaining to
products covered under NDA should not be discussed here, use
the appropriate Microsoft Newsgroup for these issues.
Typically, once a product has been released to public beta
testing your NDA changes to one limiting you from discussing
performance characteristics of the product. Please check with
your Microsoft representative or Beta Administration if you
are at all unsure of your NDA status prior to posting.
This list operates on a confirmation basis. Your subscription,
and every message you post to this list will generate a
confirmation message from LISTSERV @
This is there for
your protection to ensure that subscription requests really are
from the actual individual email address. It is also there to let
you think about your message prior to it being posted. This is
not a configurable option.
I hope that the list proves useful to you and your organization.
With the REview option turned off, I hope that it will attract
individuals in organizations who have the ability to address the
issues which get raised on this list. I know from personal
experience that having to pay Microsoft US$195 in order to report
a bug (despite the fact you get a refund 3 or 4 days later) can
often mean the difference between reporting a bug and not. This
list should provide an alternative to that process, and at the
same time, should allow the rest of the Windows NT community the
opportunity both to take up the issue with their own Microsoft
representatives, and protect themselves from the possible
exploits which a SEB might expose them to.
The objective is to get SEB resolution done faster, better, and
with less risk to the Windows NT customer than currently exists.
To subscribe to this Listserv, send a message to
SUB NTBUGTRAQ Your Name
SUB NTBUGTRAQ Russ Cooper (for example)
R.C. Consulting, Inc. - NT/Internet Security Consulting