Another Y2K Exploit Surfaces in SP4
A systems administrator in New York discovered an elusive Year 2000 problem in Windows NT Service Pack 4 (SP4) -- the service pack Microsoft Corp. recommends for full Y2K compliance.
A systems administrator in New York discovered an elusive Year 2000 problem in Windows NT Service Pack 4 (SP4) -- the service pack Microsoft Corp. recommends for full Y2K compliance.
Ilya Slavin, a system administrator with Tudor Investments in New York, discovered the latest SP4 Year 2000 problem while testing an SP4-updated Windows NT system for Year 2000 compliance. According to Slavin, he initiated a file copy after setting the system time to several seconds before 12:00 AM on January 1, 2000, the rationale being that the file copy procedure would carry over into the new year. The copied file should then bear a time-stamp reflecting the millenium change.
"What I discovered is that on several occasions the system clock went backward during the file copy procedure, so that instead of falling into 12:00 AM on January 1, 2000, it went to 12:00 PM on December 31, 1999," Slavin indicates.
In the case of this latest SP4-related problem, both Slavin and Russ Cooper, president of R.C. Consulting and moderator of the Windows NT Bugtraq Mailing List (www.ntbugtraq.com ), indicated that other IT managers have replicated the problem on non-Year 2000 dates, as well. The problem is by its very nature erratic, and neither Slavin, nor Cooper nor Microsoft has been able to reduplicate the issue with any regularity. On Slavin’s account, this points to a problem endemic to the Windows NT operating system. But whether Year 2000- or operating system-specific, he says, the latest issue is a problem that must be fixed.
While some members of the Windows NT user community may be frustrated that the Year 2000-compliant status of SP 4-updated Windows NT systems has been compromised on more than one occasion by the discovery of new problems, NT Bugtraq’s Cooper takes a more pragmatic approach.
"I think that you just have to look at Microsoft’s compliance statements to understand the reality, which is that the service pack versions are compliant as to what they know today, and if and when anything is discovered that makes it non-compliant, they promise to fix it in some versions," Cooper indicates. "Today, SP3 is compliant with exceptions, and SP4 is compliant and there will be no exceptions, anything that is uncovered will be fixed."
Karan Khanna, lead product manager for Windows NT Server with Microsoft, echoes Cooper’s insight. "What we’ve been saying consistently is that we will maintain SP4 and future service packs to be compliant," Khanna explains. "We’ve gone through the code-base and looked for Y2K issues before we released SP4. Over time if any issue does come to our attention we will fix it for SP4 and for future service pack releases."
According to Khanna, Microsoft’s policy is to patch Y2K- and security-related problems by means of a hotfix update, while other issues will be addressed by means of future service pack releases. The latest exploit, then, will be patched according to its applicability vis-à-vis Microsoft’s established update criteria.
Khanna also reiterated Microsoft’s position that SP4 will be maintained as Microsoft’s Year 2000 compliant Windows NT update through 2001. If and when SP5 for Windows NT ships, Khanna avers, SP4 will still be officially maintained as Microsoft’s Year 2000 compliant platform, although SP5 and all future service packs will be certified for compliancy as well. "SP4 will be the service pack for compliance going forward," Khanna contends. "Customers can comfortably deploy SP4 to keep their networks compliant, and we will maintain SP4 as the compliant platform through 2001."
As far as Tudor Investment’s Slavin is concerned, the discovery of the latest exploit serves to further reinforce the value of the Windows NT Bugtraq mailing list as a resource for Windows NT administrators. "In situations like this, you can really see the power of the user community, because when you have a problem that is this elusive and a number of people are able to reproduce it, you really have a compelling case to present to Microsoft," Slavin observes.