Windows 2000 Users Vulnerable to New Attack

[William Knowles <wk () C4I ORG>]

http://updates.zdnet.com/articles/ax_51112.htm

By: Victor Latona, Updates.com
Tuesday August 29, 2000 11:00 AM

Redmond WA., After an internal team of security experts at Microsoft
discovered a security vulnerability in Windows 2000 a patch was
developed and released correcting the exploit. The "Local Security
Policy Corruption" vulnerability is a denial of service vulnerability
that could knock a machine out of a network. Sources at Microsoft say
all network operations could be disrupted if the attack was successful
against a domain controller.

The vulnerability results from a malicious user being able to corrupt
the local security policy-information that sets user permissions on a
network--of a PC. As stated by Microsoft in a recent advisory,
"Unprivileged users should not be able to cause any changes in the
local security policy on a machine. However, the vulnerability
provides a way for a normal user to corrupt parts of it, in order to
prevent it from participating in normal network operations."

What's at Risk

While the malicious user could not usurp any control over a PC on the
network, they could alter security information on a machine and
prevent it from participating in the network. This machine would be
isolated from the others and would not be able to access network
drives, printers or other network devices. The security vulnerability
becomes more severe if a domain controller were attacked. If
successful, login requests from other machines on a network would be
denied and the users would be denied service to the domain.

To recover from such an attack Microsoft asserts the only way would be
from implementing a working configuration from a backup.

Do I Need the Patch?

According to Microsoft, "This vulnerability should be taken especially
seriously. It could allow a user to significantly disrupt network
operations, and restoring an affected machine to normal service would
be a time-consuming process." All users of Windows 2000 that have not
installed Windows 2000 SP1 are vulnerable to this type of attack.
Users who have applied SP1 for Windows 2000 need not apply this patch
and are currently protected from the "Local Security Policy
Corruption" vulnerability.

To protect your PC download either: Windows 2000 SP1 or Windows 2000
"Local Security Policy Corruption" Vulnerability Patch


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".