On July 24th Microsoft responded to our inquiry for verification of this vulnerability, stating that further investigation was underway. While users await the company's official response, a workaround would be to protect the root directory by adjusting ACLs to block access by unauthorized users. Microsoft's security team points out that strict ACLs can be easily adopted by reviewing and applying the "securews" Security Configuration Manager (SCM) template provided with Windows 2000.
In his original post to NTBugTraq, Brandon mentioned a way to recover from this situation: boot to the Recovery Console according to the instructions in Support Online article Q229716, then log on as Administrator and delete the encrypted autoexec.bat file.
In addition, Martin Holden pointed out that users may set the following registry key to zero (0), which will cause Win2K to bypass autoexec.bat upon startup as described in Q185590. With that done, the file can be decrypted or removed and recreated in an unencrypted fashion.