Windows 2000 users left with unfixable flaw

Sixteen of New Zealand's top 100 computer users, including some banks and government agencies, may be unable to fully protect some of their computers from hackers after Microsoft said it would not patch a fault in the Windows 2000 operating system.

Microsoft issued a fix for a vulnerability in other operating systems affected by a networking flaw on Tuesday, but said it could not patch Windows 2000 without rewriting a significant portion of the operating system, which might prevent some software applications working properly.

National technology spokesman Brett Roberts says the risks outweigh the benefits. Hackers should not be able to exploit the vulnerability via internet-based threats if computers were sitting behind a firewall, which would be standard practice.

Microsoft will stop supporting Windows 2000 in July. But companies should consider speeding up upgrades to other operating systems, if they were not already under way, he says.

An annual survey by MIS magazine in June indicated Windows 2000 was still used by ANZ National Bank, the Labour Department and TelstraClear, among others.

The Labour Department says it has only a small number of Windows 2000 machines. ANZ National Bank and TelstraClear declined to comment. The operating system was not marketed to consumers.

Jonathan Berry, manager of the Centre for Critical Infrastructure Protection, says agencies need to understand the impact of the vulnerability and whether it could be exploited. The centre advises agencies on security threats.

"Where they can take mitigating steps good and well, but they should also be prepared for the potential for things to go wrong."

- © Fairfax NZ News