Microsoft Addresses Encryption Flaw in Win2k

by platon on July 12th, 2001

A flaw in Windows 2000 could allow attackers to read copies of sensitive data that has been encrypted on the computer, Microsoft has acknowledged.

The vulnerability stems from a crash-recovery mechanism in the Encrypting File System (EFS) feature introduced in Windows 2000. In some instances, EFS automatically creates plain-text backups of files as it encrypts or decrypts them, according to a bulletin about the issue at the Microsoft site.

While EFS deletes the backup copies once the original file is successfully encrypted or decrypted, the data may still be present on the drive. This is because Windows 2000, like many operating systems, does not actually remove deleted data but instead de-allocates it so the space can be used by another file.

As a result, an attacker with physical access to the computer could potentially read the deleted data using a low-level disk editor or other tool, Microsoft warned.

According to the Microsoft site, the Windows 2000 encryption feature is designed to protect business users in the event that their laptops are stolen. The Windows 2000 server is also used widely by businesses, including Barnes & Noble and Radio Shack, for their online operations.

The weakness in the Windows 2000 EFS feature was originally reported to the company by Clem Colman of Colman Communications Consulting Pty Ltd.

According to Colman, the EFS vulnerability is compounded by the fact that most third-party "disk wipe" products do not effectively "zero" unused disk space under Windows 2000.

To address the potential security issue, Microsoft has updated a Windows 2000 security utility to enable administrators to completely clean deleted data from a hard drive.

The revised utility, cipher.exe, now can overwrite all of the de-allocated data on a Windows 2000 drive, making it impossible to read the data, even using a low-level disk editor.
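The sequence described above (plaintext backup, in-place encryption, backup deletion, free-space overwrite) can be followed in a small model. This is an added example, not Microsoft's code or part of the original article; the toy disk, the file names, the XOR stand-in for encryption and the sample data are all constructed assumptions.

```python
BLOCK = 16  # bytes per block in this constructed toy disk


class ToyDisk:
    """Constructed model: blocks plus an allocation table. Not Windows code."""

    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.files = {}  # file name -> list of allocated block indexes

    def free_blocks(self):
        used = {i for idxs in self.files.values() for i in idxs}
        return [i for i in range(len(self.blocks)) if i not in used]

    def write(self, name, data):
        # Reuse the file's own blocks when it exists (in-place rewrite),
        # otherwise take the first free blocks.
        need = max(1, -(-len(data) // BLOCK))
        idxs = self.files.get(name) or self.free_blocks()[:need]
        if len(idxs) < need:
            raise OSError("not enough space")
        for n, i in enumerate(idxs):
            self.blocks[i] = data[n * BLOCK:(n + 1) * BLOCK].ljust(BLOCK, b"\0")
        self.files[name] = idxs

    def delete(self, name):
        # Deletion only de-allocates; block contents are left untouched.
        del self.files[name]

    def wipe_free_space(self):
        # Overwrite every de-allocated block, as the revised utility is said to do.
        for i in self.free_blocks():
            self.blocks[i] = bytes(BLOCK)

    def residue(self, needle):
        # Free blocks that still hold the needle (what a disk editor would see).
        return [i for i in self.free_blocks() if needle in self.blocks[i]]


def toy_encrypt(data):
    return bytes(b ^ 0x5A for b in data)  # placeholder, not real cryptography


def scenario():
    disk, secret = ToyDisk(), b"PAYROLL-2001"      # constructed sample data
    disk.write("report.doc", secret)               # existing plaintext file
    disk.write("backup.tmp", secret)               # recovery copy (hypothetical name)
    disk.write("report.doc", toy_encrypt(secret))  # encrypt in place
    disk.delete("backup.tmp")                      # backup removed after success
    before = disk.residue(secret)
    disk.wipe_free_space()
    return before, disk.residue(secret), disk.blocks[0]
```

`scenario()` returns the free blocks holding plaintext before the wipe, the same check after the wipe, and the still-allocated ciphertext block.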

According to Microsoft, EFS will not create plaintext backups of encrypted files if the user follows the company's recommendation and creates sensitive files within a folder that has the Encrypt attribute set.

Microsoft cautioned administrators to install the revised tool using the installer package. "If you simply copy cipher.exe to a machine and run it, you could destroy data on the drive," said the company.
