CERTVU:960267Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.0%
Overview
A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings.
Description
When a user logs onto a Windows 2000 system, a number of “security policy” settings are applied to that user’s session. The settings are stored in the Active Directory in an object called the Group Policy Object (GPO). Because the GPO supports file locking like other file system objects, a local attacker may be able to obtain an exclusive-read lock on the GPO. This exclusive-read lock will prevent subsequent logons by all users of the system to use the policy settings in effect before the lock was obtained. This may prevent recently updated policies from being applied to subsequent logons. While this change would affect all users of the system, the transparent nature of the group policy system would not present any clear indication that the policy settings were not correctly applied.
Impact
A local intruder who is able to gain an exclusive lock on the policy files may be able to prevent new policy settings from affecting subsequent logons.
Solution
Apply a Patch
Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:
<http://www.microsoft.com/technet/security/bulletin/ms02-016.asp>
Vendor Information
960267
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Affected
Updated: July 16, 2002
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Microsoft has published a security bulletin describing this vulnerability at:
<http://www.microsoft.com/technet/security/bulletin/ms02-016.asp>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23960267 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/technet/security/bulletin/ms02-016.asp>
- <http://www.securityfocus.com/bid/4438>
- <http://online.securityfocus.com/archive/1/244329>
- <http://www.security.nnov.ru/search/news.asp?binid=1613>
- <http://www.security.nnov.ru/advisories/filelock.asp>
Acknowledgements
This vulnerability was discovered by security.nnov.
This document was written by Cory F. Cohen.
Other Information
| CVE IDs: | CVE-2002-0051 |
|---|---|
| Severity Metric: | 4.17 Date Public: |
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.0%