|
|||||||
| Notices |
 |
|
|
LinkBack | Thread Tools | Display Modes |
Jan 23, 2003, 07:21 AM
|
#1 (permalink) |
|
Unbiased.
Join Date: Jun 2002
Posts: 4,812
 |
Windows Critical Security Update
There is another Windows Security flaw, this time one that allows remote alteration of the Group Policy...
MS02-070: Flaw in SMB Signing May Permit Group Policy to Be Modified The information in this article applies to: * Microsoft Windows 2000 Advanced Server * Microsoft Windows 2000 Professional * Microsoft Windows 2000 Server * Microsoft Windows XP 64-Bit Edition * Microsoft Windows XP Home Edition * Microsoft Windows XP Professional SYMPTOMS Support for the Server Message Block (SMB) protocol is included in all versions of Windows. Although SMB is a file-sharing protocol, SMB is also used for other purposes. One of these purposes is disseminating Group Policy settings from domain controllers to computers that log on. Beginning with Windows 2000, it is possible to improve the integrity of SMB sessions by digitally signing all packets in a session. Windows 2000 and Windows XP can be configured to always sign, never sign, or sign only if the other party requires it. A flaw in the implementation of SMB signing in Windows 2000 and Windows XP can permit an attacker to silently downgrade the SMB signing settings on an affected computer. To do this, an attacker must have access to the session negotiation data as it is exchanged between a client and server, and must be able to modify the data in a way that exploits the flaw. This can cause either or both computers to send unsigned data no matter what signing policy the administrator sets. After the attacker downgrades the signing setting, the attacker can continue to monitor and change data in the session. The lack of signing prevents the communicators from detecting the changes. Although this vulnerability can be exploited to expose any SMB session to tampering, the most serious case involves changing Group Policy settings as they are disseminated from a Windows 2000-based domain controller to a newly logged-on network client. By doing this, an attacker can take actions such as adding users to the local Administrators group or installing and running code on the computer. Note that Windows XP cannot be used as a domain controller. Therefore, this scenario does not apply to Windows XP. This is the highest-risk scenario that is associated with the vulnerability. Error page from Microsoft is here. Windows 2000 update, non-NEC-Japanese version download is here. Windows 2000 update, NEC-Japanese version download is here. Windows XP 32 bit update download is here. Windows XP 64 bit update download is here. |
|
|
Linear Mode
