Worst Windows flaws of the past decade

The exploits and oversights that left Redmond with egg on its face

June 25, 1998, and June 30, 2008, marked two important milestones in Microsoft's evolution of the Windows OS -- the passing of the torch from Windows 95 to Windows 98, and the less seemly transition from XP to Vista.

In the 3,659 days between, users of Windows have been forced to bear witness to another evolution of sorts: bugs that left Windows open to exploits that appeared almost as fast as you could say, "On the Origin of Species."


For some fun of the hacker and admin variety, see "Stupid hacker tricks: The folly of youth" and "Stupid user tricks: IT admin follies."

Uncovering -- and exploiting -- Windows vulnerabilities has made sport for many and careers for many more. Entire industries have sprung up to protect Windows users from previously unknown flaws, while malware authors have matured their practices from juvenile pranks to moneymaking criminal enterprises.

Caught in the middle of this never-ending onslaught is the innocent PC user and the besieged IT admin -- you. And though Microsoft and the entire software industry have labored tirelessly to handle zero-day exploits and to develop protocols for reporting potential security problems, we've seen and experienced several colossal security meltdowns thanks to the humble Windows bug.

These errors, buried in millions of lines of code, have steered great corporations and turned the tide of fortunes. It's high time they got the credit they deserve. Here are the worst Windows flaws we've endured since the introduction of Windows 98.

Password "password" would have been more secure

Bug identifier: VCE-2000-0979, MS00-072

Description: Share Level Password vulnerability

Alias: Windows 9x share password bypass

Date published: October 10, 2000

Windows 9x introduced a nifty little concept wherein users could host a password-protected mini file server, aka a share, on their PCs. The idea was simple: Allow users of networked computers to host and share files securely. Only the padlock Microsoft used to lock the door came equipped with a gaping hole that rendered it useless.

"When processing authentication requests for a NetBIOS share, Windows 95/98 would look at the length of the password sent by the attacker and then only compare that number of bytes to the real password," writes vulnerability expert H.D. Moore, who manages the Metasploit Framework project.

Oops. "This let the attack specify a password of zero bytes and gain access to the share," without actually knowing the password at all, Moore explains.

"The real damage," he continues, "was that by trying all characters of incrementing lengths, they could literally obtain the password for share from the server."

Upshot: Rather than functioning as a lock on a door, the password authentication scheme for Windows 95/98's File and Print Sharing acted more like a nail through a hasp -- to open the door you only needed to pull out the nail, with hardly any effort.

Join the PC World newsletter!

Error: Please check your email address.

Tags Windows Vistawindows xpWindows 2000windows 98

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

InfoWorld
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?