|
|
|
 |
Vulnerability Note VU#960267Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)OverviewA vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings.I. DescriptionWhen a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The settings are stored in the Active Directory in an object called the Group Policy Object (GPO). Because the GPO supports file locking like other file system objects, a local attacker may be able to obtain an exclusive-read lock on the GPO. This exclusive-read lock will prevent subsequent logons by all users of the system to use the policy settings in effect before the lock was obtained. This may prevent recently updated policies from being applied to subsequent logons. While this change would affect all users of the system, the transparent nature of the group policy system would not present any clear indication that the policy settings were not correctly applied.II. ImpactA local intruder who is able to gain an exclusive lock on the policy files may be able to prevent new policy settings from affecting subsequent logons.III. SolutionApply a PatchMicrosoft has published patches correcting this vulnerability. The patches are listed in their advisory at: Systems Affected
References
This vulnerability was discovered by security.nnov. This document was written by Cory F. Cohen.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader