Is this something to be concerned about in a Win or NT environment?
No, NT features device aware access controls so even if a remote user is able to access the Admin account (for example) their permissions will be different than an Admin user connecting locally or via a trusted path. (the specifics of this are well off the subject so PM me if you'd like more information.)

I think exploits like this will continually be a threat to UN*Xland until a more workable PAM is developed (since root ain't going away anytime soon) that could effectively deligate out privileges incrementally. Yeah it would be more of a pain, but really how often do you need more than one or two of root's privileges sets in a single session?

The other solution is a very small and I mean _very small_ serivce that only handles a predefined set of root tasks. This would limit the potential for abuse, but still fails to adequently resolve the issue of trust. Perhaps if it dumped the task into a que with a 15 minute propigation delay and perhaps 5 additional minutes per task, this would make it exceptionally difficult to exploit effectively.

Lots of possibilities, but until some reigns are put on root, at least remotely this issues will constantly be lurking around ever corner and patching isn't gonna make them go away.

catch