| VID |
26007 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q269609) for the "Local Security Policy Corruption" problem has not been applied.
This vulnerability allows a malicious user to corrupt parts of a Windows 2000 system's local security policy via malformed RPC traffic, which may prevent this host from communicating with other hosts in this domain.
If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests. Recovering from such an attack would likely require that a known-working configuration be restored from backup.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows 2000
* References:
http://www.iss.net/security_center/static/5171.php
http://www.microsoft.com/technet/security/bulletin/ms00-062.asp |
| Recommendation |
Apply the latest Windows 2000 Service Pack (SP1 or later), or apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS00-062. (http://www.microsoft.com/technet/security/bulletin/ms00-062.asp) |
| Related URL |
CVE-2000-0771 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
