Reported December 11, 2002, by Microsoft.
VERSIONS AFFECTED
· Microsoft Windows XP (prior to Service Pack 1--SP1)
· Microsoft Windows 2000
DESCRIPTION
A new vulnerability exists in Microsoft Server Message Block (SMB) that can permit an attacker to silently downgrade the SMB Signing settings on a vulnerable system. This vulnerability can expose any SMB session to tampering, but the most serious scenario involves changing Group Policy information as it's disseminated from a Win2K domain controller (DC) to a newly logged-on network client.
VENDOR RESPONSE
Microsoft has released Security Bulletin MS02-070, "Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin. This patch is included in XP SP1 and will be included in Win2K SP4.
CREDIT
Discovered by Microsoft.
Vulnerability In Microsoft's Server Message Block for Windows XP and Windows 2000