Microsoft has released a patch that eliminates a security vulnerability affecting Microsoft Windows 2000 domain controllers. The vulnerability allows a malicious user with physical access to a domain controller to install malicious software on it.

Credit:
This vulnerability was discovered by John Sherriff of the Wool Research Organization of New Zealand.
Vulnerable systems:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Immune systems:
Microsoft Windows 2000 Professional
Windows 2000 provides several special operating modes that can be chosen at boot time in order to allow the administrator to troubleshoot and restore a machine with a damaged configuration. One of these, Directory Service Restore Mode, is designed to allow the Active Directory to be repaired and restored on a domain controller. A password is required in order to operate the system in this mode. However, if the "Configure Your Server" tool were used when the machine was originally promoted to domain controller, that password would be blank. This could enable a malicious user to log onto the machine in Directory Service Restore Mode. Once logged on, the malicious user could alter system components or install bogus ones that would execute when a bona fide administrator subsequently logged onto the machine.
There are three significant mitigating factors associated with this vulnerability:
The malicious user would need physical access to the machine in order to log into it in Directory Service Restore Mode. However, security best practices strongly recommend against ever giving unprivileged users physical access to critical servers like domain controllers. Customers who have followed this guidance would not be affected by the vulnerability.
The vulnerability only occurs if the "Configure Your Server" tool was used to promote the server to domain controller. If the DCPROMO tool was used, the machine could not be affected by the vulnerability.
The "Configure Your Server" tool can only be run on the first domain controller in a forest. As a result, no other servers could be affected by the vulnerability.
A second troubleshooting mode is also affected. When the Directory Service Restore Mode password is set, the password for the Recovery Console is automatically synchronized with it. As a result, machines affected by this vulnerability would have a blank password for both the Directory Service Restore Mode and the Recovery Console. However, the involvement of the Recovery Console does not change the scope of the vulnerability: the same physical access is required, and the same systems are affected.
Patch Availability
See: http://www.microsoft.com/technet/security/bulletin/MS00-099.asp for patch information.