
Windows NT Network Monitor
This service allows any Windows NT computer to act as a network sniffer. In
order to connect to the Network Monitor, administrator level access is required,
and the software needed to connect is only distributed with Windows NT Server
4.0, and Microsoft SMS. An additional password is required to operate the
Network Monitor agent, and this password is very weakly encrypted into a DLL.
Anyone with read access to BHSUPP.DLL can obtain the password. It is recommended
that the Network Monitor agent only be run where absolutely needed, and that
the password used (if any) not allow access to any other resources.
Risk: Medium
OS Vulnerable: Windows NT
Fix: Disable the Network Monitor agent, and remove BHSUPP.DLL. If the Network
Monitor is required, use a unique password (or none). At the time of this
writing, Microsoft is aware of the problem and may address it in a future service pack.