Uncovering and exploiting Windows vulnerabilities has become a sport for many and, in a number of cases, even a career. We've rounded up a list of the worst Windows flaws we've endured since the introduction of Windows 98.

Windows may be one of the world's most popular operating systems, but it's swamped with bugs that leave it open to exploits. No matter which version you choose, whether Vista, XP, 2000 or even 98, you're sure to find some area of the OS that has been compromised thanks to a bug.

In fact, uncovering and exploiting Windows vulnerabilities has made sport for many and careers for many more. Entire industries have sprung up to protect Windows users from previously unknown flaws, while malware authors have matured their practices from juvenile pranks to moneymaking criminal enterprises.

These errors, buried in millions of lines of code, have steered great corporations and turned the tide of fortunes. It's high time they got the credit they deserve. We've rounded up a list of the worst Windows flaws we've endured since the introduction of Windows 98.

The password 'password' would have been more secure

Bug identifier: CVE-2000-0979, MS00-072
Description: Share Level Password vulnerability
Alias: Windows 9x share password bypass
Date published: October 10, 2000

Windows 9x introduced a nifty little concept wherein users could host a password-protected mini file server, aka a share, on their PCs. The idea was simple: allow users of networked computers to host and share files securely. Only the padlock Microsoft used to lock the door came equipped with a gaping hole that rendered it useless.

"When processing authentication requests for a NetBIOS share, Windows 95/98 would look at the length of the password sent by the attacker and then only compare that number of bytes to the real password," says vulnerability expert HD Moore, who manages the Metasploit Framework project.

"This let the attacker specify a password of zero bytes and gain access to the share, without actually knowing the password at all," Moore explains.

"The real damage," he continues, "was that by trying all characters of incrementing lengths, they could literally obtain the password for share from the server."

Upshot: Rather than functioning as a lock on a door, the password authentication scheme for Windows 95/98's File and Print Sharing acted more like a nail through a hasp - to open the door you only needed to pull out the nail, with hardly any effort.
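
The length-handling mistake Moore describes, sketched in C beside a corrected comparison. This is an added illustration, not Microsoft's code: the function names, the 8-byte zero-padded buffer (`PW_MAX`) and the sample password are assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 8 /* assumed size of the zero-padded password buffer */

/* Flawed: the client-supplied length decides how many bytes are compared. */
int share_auth_flawed(const unsigned char stored[PW_MAX],
                      const unsigned char *sent, size_t sent_len)
{
    if (sent_len > PW_MAX)
        return 0;
    /* sent_len == 0 compares nothing, so an empty password "matches";
       any correct prefix matches too. */
    return memcmp(stored, sent, sent_len) == 0;
}

/* Corrected: lengths must agree, and the whole buffer is always compared
   so the running time does not depend on where the first mismatch is. */
int share_auth_fixed(const unsigned char stored[PW_MAX], size_t stored_len,
                     const unsigned char *sent, size_t sent_len)
{
    unsigned char padded[PW_MAX] = {0};
    unsigned char diff = 0;
    size_t i;

    if (stored_len > PW_MAX || sent_len > PW_MAX)
        return 0;
    memcpy(padded, sent, sent_len);
    for (i = 0; i < PW_MAX; i++)
        diff |= (unsigned char)(stored[i] ^ padded[i]);
    return diff == 0 && sent_len == stored_len;
}

int main(void)
{
    /* Constructed sample data, not taken from any real system. */
    unsigned char stored[PW_MAX] = {0};
    const char *tries[] = { "", "S", "X", "SECRET" };
    size_t i;

    memcpy(stored, "SECRET", 6);
    for (i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        const unsigned char *t = (const unsigned char *)tries[i];
        size_t n = strlen(tries[i]);
        printf("\"%s\": flawed=%d fixed=%d\n", tries[i],
               share_auth_flawed(stored, t, n),
               share_auth_fixed(stored, 6, t, n));
    }
    return 0;
}
```

The rule the corrected version enforces is that the server's stored value, never the request, determines how much is compared.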
