Account Lockout Policy in Windows 2000 Can Be Bypassed


Reported November 23, 2000 by Microsoft

VERSIONS AFFECTED
  • Microsoft Windows 2000 Service Pack 1

DESCRIPTION

Microsoft has released a security bulletin, MS00-089, to address an issue with Windows 2000, all versions running SP1.  A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed.  

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-089 and patches to repair the vulnerability.

A patch is available at;

 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25606

CREDIT
Discovered by
Brett Finch

 
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish