Windows 95 Update to Encrypt Passwords in Memory

Last reviewed: September 9, 1997
Article ID: Q165402
The information in this article applies to:
  • Microsoft Windows 95
  • Microsoft Windows 95 OEM Service Release versions 1, 2, 2.1

SYMPTOMS

If a computer running Windows 95 is left unattended while a user is logged on to a network, it may be possible to obtain that user's network password by a programmatic examination of the computer's memory. Typically, accomplishing this would require physical access to the computer. However, the network password could also potentially be acquired if a program designed to search for passwords using the same examination of memory were to be downloaded and run by a currently logged-on user.

CAUSE

In Windows 95, passwords are encrypted before being sent over the network. However, the network password for the user who is currently logged on to the Windows 95-based computer is stored temporarily in memory in an unencrypted format.

Using detailed knowledge of Windows 95 internal memory structures, it may be possible to write a program that runs in Windows 95 and reads the password for the currently logged-on user from memory.

RESOLUTION

Microsoft recommends the following precautions to prevent the current user's network password from being accessed by unauthorized means:

  • Log off the computer when you leave it for long periods of time.
  • Run a password-protected screen saver when you leave the computer for short periods of time.
  • Do not run untrusted programs from the network or the Web, or untrusted programs that have been sent in e-mail.
  • Install the update described in this article.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Windows 95 and OEM Service Release 2 (OSR2). An update to address this problem is now available.

This issue is resolved by the following updated files:

  • For Windows 95 (all releases):

          Mprserv.dll version 4.00.955 (dated 6/12/97) and later
          Nwnet32.dll version 4.00.951 (dated 4/21/97) and later
          Nwredir.vxd version 4.00.960 (dated 4/21/97) and later
          Pppmac.vxd version 4.00.954 (dated 4/28/97) and later
          Vredir.vxd version 4.00.1114 (dated 6/2/97) and later
          Vnetsup.vxd version 4.00.1112 (dated 6/2/97) and later
    
  • For Windows 95 (retail release) and OEM Service Release 1 (OSR1) only:

          Rasapi32.dll version 4.00.954 (dated 4/25/97) and later
    
  • For Windows 95 OSR2 and OSR2.1 only:

          Rasapi32.dll version 4.00.1113 (dated 4/25/97) and later
    
  • For the Microsoft Service for NetWare Directory Services [MSNDS] (all Windows 95 releases):

          Nwredir.vxd version 4.00.975 (dated 4/21/97) and later
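
The minimum versions listed above can be checked against a file inventory. The following is an added example, not Microsoft's code; the release labels ("retail", "osr1", "osr2", "osr2.1") and the inventory format are assumptions. It compares version fields as numbers, because a plain string comparison would rank 4.00.1114 below 4.00.955.

```python
# Added example: audit collected file versions against the minimums listed above.
# Release labels and the {file name: version} inventory format are assumptions.

def parse_version(text):
    """Turn '4.00.1114' into (4, 0, 1114) so each field compares numerically."""
    return tuple(int(part) for part in text.strip().split("."))

# Minimum fixed versions, copied from the list above.
ALL_RELEASES = {
    "mprserv.dll": "4.00.955",
    "nwnet32.dll": "4.00.951",
    "nwredir.vxd": "4.00.960",
    "pppmac.vxd": "4.00.954",
    "vredir.vxd": "4.00.1114",
    "vnetsup.vxd": "4.00.1112",
}
RASAPI32 = {"retail": "4.00.954", "osr1": "4.00.954",
            "osr2": "4.00.1113", "osr2.1": "4.00.1113"}
MSNDS_NWREDIR = "4.00.975"

def required_versions(release, msnds=False):
    """Build the minimum-version table for one release, with or without MSNDS."""
    if release not in RASAPI32:
        raise ValueError("unknown release: %r" % release)
    required = dict(ALL_RELEASES)
    required["rasapi32.dll"] = RASAPI32[release]
    if msnds:
        required["nwredir.vxd"] = MSNDS_NWREDIR
    return required

def audit(installed, release, msnds=False):
    """Return {file: reason} for each file that is absent or below the minimum."""
    installed = {name.lower(): ver for name, ver in installed.items()}
    findings = {}
    for name, minimum in required_versions(release, msnds).items():
        have = installed.get(name)
        if have is None:
            # Whether an absent file matters depends on the installed components.
            findings[name] = "not in inventory"
        elif parse_version(have) < parse_version(minimum):
            findings[name] = "%s is older than %s" % (have, minimum)
    return findings

# Constructed sample inventory: Vnetsup.vxd and Rasapi32.dll are not yet updated for OSR2.
SAMPLE = {"Mprserv.dll": "4.00.955", "Nwnet32.dll": "4.00.951",
          "Nwredir.vxd": "4.00.960", "Pppmac.vxd": "4.00.954",
          "Vredir.vxd": "4.00.1114", "Vnetsup.vxd": "4.00.950",
          "Rasapi32.dll": "4.00.954"}

if __name__ == "__main__":
    print(audit(SAMPLE, "osr2", msnds=True))
```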
    

To install this update, follow these steps:

  1. Download the appropriate update file(s) to an empty folder.

     a. If you are running Windows 95 retail release (version 4.00.950)
        or OSR1 (version 4.00.950 A), download the Secupd.exe file.

     b. If you are running Windows 95 OEM Service Release 2 or 2.1
        (version 4.00.950 B), download the Secupd2.exe file.

     c. If you are running the Microsoft Client for NetWare Networks
        with the Microsoft Service for NetWare Directory Services (MSNDS)
        installed, also download the Nwredup4.exe file.

  2. In My Computer or Windows Explorer, double-click the update file(s) you downloaded in step 1.

  3. Follow the instructions on the screen.

    The following files are available for download from the Microsoft Software Library:

     ~ Secupd.exe (size: 496272 bytes) 
     ~ Secupd2.exe (size: 508560 bytes) 
     ~ Nwredup4.exe (size: 226448 bytes) 
    
    
    For more information about downloading files from the Microsoft Software Library, please see the following article in the Microsoft Knowledge Base:

       ARTICLE-ID: Q119591
       TITLE     : How to Obtain Microsoft Support Files from Online Services
    
    

MORE INFORMATION

    These components have been updated to encrypt the current user's network password even when it is stored in memory so that it cannot be read even by a programmer with detailed knowledge of Windows 95 internal memory structures.

    For additional information about Windows 95 security, see Chapter 14 ("Security") in the Windows 95 Resource Kit.

    The following files are installed by Secupd.exe:

       File name     Version    Date/Time        Size     Destination folder
       ---------------------------------------------------------------------
       Mprserv.dll   4.00.955   6/12/97  9:54a   127,488  Windows\System
       Nwnet32.dll   4.00.951   4/21/97  9:51a    22,016  Windows\System
       Nwredir.vxd   4.00.960   4/21/97 10:00a   123,987  Windows\System
       Pppmac.vxd    4.00.954   4/28/97  9:54a   135,288  Windows\System
       Vredir.vxd    4.00.1114  6/2/97  11:14a   156,773  Windows\System
       Vnetsup.vxd   4.00.1112  6/2/97  11:12a    17,595  Windows\System
       Rasapi32.dll  4.00.954   4/25/97  9:54a   151,552  Windows\System
    
    
    The following files are installed by Secupd2.exe:

       File name     Version    Date/Time        Size     Destination folder
       ---------------------------------------------------------------------
       Mprserv.dll   4.00.955   6/12/97  9:54a   127,488  Windows\System
       Nwnet32.dll   4.00.951   4/21/97  9:51a    22,016  Windows\System
       Nwredir.vxd   4.00.960   4/21/97 10:00a   123,987  Windows\System
       Pppmac.vxd    4.00.954   4/28/97  9:54a   135,288  Windows\System
       Vredir.vxd    4.00.1114  6/2/97  11:14a   156,773  Windows\System
       Vnetsup.vxd   4.00.1112  6/2/97  11:12a    17,595  Windows\System
       Rasapi32.dll  4.00.1113  4/25/97 11:13a   175,104  Windows\System
    
    
    The following files are installed by Nwredup4.exe:

       File name     Version    Date/Time        Size     Destination folder
       ---------------------------------------------------------------------
       Nwredir.vxd   4.00.975   4/21/97 10:15a   178,714  Windows\System
    
    
    For additional information about issues resolved by updates to these components, please see the following articles in the Microsoft Knowledge Base:

    Vredir.vxd:

       ARTICLE-ID: Q165403
       TITLE     : Windows 95 Update Prevents Sending Clear-Text Password
                   Over Net
    
       ARTICLE-ID: Q161100
       TITLE     : File May Be Truncated When Copied to a Full Network
                   Drive
    
       ARTICLE-ID: Q157114
       TITLE     : "Access Denied" Attempting to Run File on LM/X Server
    
       ARTICLE-ID: Q156497
       TITLE     : Duplicate Print Output on PC-LAN Server from Windows 95
                   Client
    
       ARTICLE-ID: Q140558
       TITLE     : Deleting Files on Samba Servers May Delete Local Files
                   Instead
    
       ARTICLE-ID: Q138249
       TITLE     : Updated Vredir.vxd Corrects Errors Running Files on LMX
    
       ARTICLE-ID: Q160807
       TITLE     : Cannot Connect to Windows NT Server with Many Shares
    
       ARTICLE-ID: Q150215
       TITLE     : Disabling Automatic Network Shortcut Resolution
    
       ARTICLE-ID: Q138014
       TITLE     : File May Be Truncated to Zero Bytes When Copied Onto
                   Itself
    
       ARTICLE-ID: Q136834
       TITLE     : Error Copying Read-Only Files to Core SMB Server
    
    
    Nwredir.vxd:

       ARTICLE-ID: Q163673
       TITLE     : "Exception 0E" Using MSNDS Over Dial-Up Connection
    
       ARTICLE-ID: Q160824
       TITLE     : MSNDS Drops Connections to More Than Eight Servers
    
       ARTICLE-ID: Q153470
       TITLE     : Incorrect Error Code Returned for Locked Files
    
       ARTICLE-ID: Q149606
       TITLE     : Fatal Exception 0E in VNETBIOS Using NetWare Login
                   Script
    
       ARTICLE-ID: Q147838
       TITLE     : Cannot Access Folders with Long File Names on NetWare
                   Servers
    
       ARTICLE-ID: Q143282
       TITLE     : No Documents Appear in the File Open Dialog Box
    
       ARTICLE-ID: Q139747
       TITLE     : MS-DOS-Based Program Reports Not Enough NetWare
                   Server Space
    
       ARTICLE-ID: Q136303
       TITLE     : Connecting to Schedule+ 1.0 Calendar File Drops
                   Connections
    
    
    Rasapi32.dll/Pppmac.vxd:

       ARTICLE-ID: Q164377
       TITLE     : Cannot Connect to Remote Access Server with Dial-Up
                   Networking
    
       ARTICLE-ID: Q149396
       TITLE     : Cannot Change Expired Windows NT Password with DUN
    
       ARTICLE-ID: Q154434
       TITLE     : Err Msg: No Domain Controller Was Available to
                   Validate...
    

    Additional query words: 95 security
    Keywords : win95 kbfile kbnetwork kbfixlist
    Version : 95
    Platform : WINDOWS


    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

    © 1998 Microsoft Corporation. All rights reserved.