Reported January 30, 2002, by
Microsoft.
VERSIONS AFFECTED
Windows
2000
Windows
NT 4.0
DESCRIPTION
VENDOR RESPONSE
The
vendor, Microsoft, has released security
bulletin MS02-01
to address this vulnerability and recommends that affected users apply the
security rollup packages provided in the bulletin.
CREDIT
A vulnerability exists in Windows 2000 and Windows NT 4.0 domains that
lets an attacker gain administrative access to computers in a trusting domain.
This vulnerability stems from the fact that the trusting domain
doesn't verify that the trusted domain is actually authoritative for all the
Security Identifiers (SIDs) in the authorization data. If one of the SIDs in the
list identifies a user or security group that's not in the trusted domain, the
trusting domain accepts the information and uses it for future access control
decisions. By inserting SIDs into the authorization data at the trusted domain,
an attacker can elevate his or her privileges to those associated with any user
or group, including the Domain Administrators group for the trusting domain.
Discovered by Aelita
Software and Michel Trépanier.
Privilege Escalation Vulnerability in Windows 2000/NT Domains
0 comments
Hide comments