Microsoft Information for VU#602625
KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely
Windows 2000 does not support Kerb IV. W2K does not provide a kerberized telnetd, nor a Krb4 proxy server - therefore we're not vulnerable to VU#602625.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.