LAN Manager security

Risk Level: Medium risk vulnerability

Check or Attack Name: LM security

Platforms: Windows NT, Windows 95
Description:

LAN Manager (LM) challenge/response authentication is enabled for network authentication. This level of authentication is less secure than Windows NT to NT authentication. LAN Manager-style hashes are easily broken by a brute force attack.

Remedy:

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

Note: This lm-fix patch is not available as of 10 February 99. Microsoft has pulled the patch for compatibility issues. For more information, read the readme file in the following directory.

Windows NT 4.0 SP3 users must apply the lm-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/lm-fix/.

Note: Applying the lm-fix patch will prevent you from accessing a Windows 95 share from this Windows NT machine. You must re-create the LMCompatibilityLevel registry value as described in the following procedure.

—AND—

Using the Registry Editor, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA\LMCompatibilityLevel value to 1 (Send Windows NT authentication and LM authentication only if the server requests it) or 2 (Never send LM authentication). If 2 is selected, the host cannot connect to servers that support only LM authentication, such as Windows 95 and Windows for Workgroups.
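A defender's check, added here and not part of the advisory: it parses a `reg export` of the LSA key (the sample text is constructed) and reports, under the level meanings given above, whether the host can still send LM responses and whether it will still reach LM-only servers such as Windows 95. A missing value is treated as the Windows NT 4.0 default of 0, which is why the advisory tells you to re-create it.

```python
import re

# Constructed sample of a regedit export; not taken from a real host.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"LmCompatibilityLevel"=dword:00000002
"""

LSA_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA".lower()
VALUE_NAME = "lmcompatibilitylevel"  # registry value names are case-insensitive


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}} (lower-cased)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)', line)
            if m:
                keys[current][m.group(1).lower()] = m.group(2)
    return keys


def lm_compatibility_level(text):
    """Return the configured level, or None when the value is absent."""
    raw = parse_reg(text).get(LSA_KEY, {}).get(VALUE_NAME)
    if raw is None:
        return None
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if not m:
        raise ValueError(f"unexpected data for LMCompatibilityLevel: {raw}")
    return int(m.group(1), 16)


def assess(text):
    """Map the level to the behaviour described in the remedy."""
    level = lm_compatibility_level(text)
    effective = 0 if level is None else level  # assumption: absent value = NT 4.0 default 0
    sends_lm = {0: "always", 1: "only if the server requests it"}.get(effective, "never")
    return {
        "level": level,
        "sends_lm": sends_lm,
        "meets_remedy": effective >= 1,     # advisory asks for 1 or 2
        "reaches_lm_only_servers": effective < 2,  # e.g. Windows 95 shares
    }
```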

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

References:

Microsoft Knowledge Base Article Q147706, How to Disable LM Authentication on Windows NT, http://support.microsoft.com/support/kb/articles/q147/7/06.asp
