Microsoft Win2000 'Mixed Object Access' Vulnerability patch
Version: 1
This patch eliminates a security vulnerability in Microsoft Windows 2000 that could, under very specific conditions, allow a malicious user to change information in the Active Directory that he should not be able to change. Active Directory allows for access control of directory objects on a per-attribute basis. However, the vulnerability could allow a malicious user to modify object attributes that he does not have permission to modify, as long as he combined the operation in a particular way with operations involving attributes that he does have permission to modify. The vulnerability does not give the malicious user an opportunity to modify all objects in a class, only the specific objects in the class for which he has permission to modify at least one attribute. Further, the vulnerability provides no capability to bypass normal authentication or Windows 2000 auditing, so administrators could determine whether this vulnerability was being exploited, and by whom.