Security Bulletin

Information on the “Back Orifice” Program

Published: August 04, 1998 | Updated: August 12, 1998

Version: 1.2

Last Revision: August 12, 1998

Summary

On July 21, a self-described hacker group known as the Cult of the Dead Cow released a program called “Back Orifice,” and suggested that users of the Microsoft® Windows® operating system were somehow at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that users of Windows 95 and Windows 98 following safe computing practices (including not installing software from unknown and untrusted sources) are not at risk. Additionally, users of the Microsoft Windows NT® operating system and the Microsoft BackOffice® suite of products are not threatened in any way by this tool, because it does not even run on Windows NT Server.

The Claims About “Back Orifice”

It is unclear from the author’s statements what “Back Orifice” is intended to do. In the press release that accompanied its release, “Back Orifice” is alternately described as an administrative tool or as something that demonstrates some security vulnerability in the Windows platform.

The author claims the program can be used for purposes such as:

• Remotely controlling and monitoring a computer running Windows
• Reading everything that the user types at the keyboard
• Capturing images that are displayed on the monitor
• Uploading and downloading files remotely
• Redirecting information to a remote Internet site

It is important to understand that programs allowing users to remotely control their computer should be installed with caution because they have the potential to be misused. Users should not install such types of programs from unknown bulletin boards or hacker web sites. There are many well-supported commercial tools from reputable vendors that