Re: MS Security Bulletins MS02-016/MS02-017

From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 04/05/02


Date:         Fri, 5 Apr 2002 10:36:05 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Dear Russ,

--Thursday, April 4, 2002, 10:52:27 PM, you wrote to NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM:

R> As for MS02-016, that hasn't been released either (some people were
R> wondering if they missed one because NSFocus referenced 17 but people
R> haven't seen 16 yet). MS don't number these as they are released. I
R> don't know specifically at what point the number is assigned, but
R> suffice it to say its before the bulletin is completed. As such, its
R> possible that bulletins are not released in sequential order (this has
R> happened several times in the past).

Microsoft Security Bulletin MS02-016 Q318593: Opening Group Policy Files
for Exclusive Read Blocks Policy

This issue was released on December, 5 2001 by SECURITY.NNOV See:

SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
http://online.securityfocus.com/archive/1/244329

Group policy DoS in Windows NT/2000
http://www.security.nnov.ru/search/news.asp?binid=1613

SECURITY.NNOV advisories: File locking and security
http://www.security.nnov.ru/advisories/filelock.asp

--
~/ZARAZA
...без дубинки никогда не принимался он за программирование. (Лем)



Relevant Pages

  • Re: Bit of advice on current AD structure.
    ... If you can do everything you need to do from a GPO and security standpoint there is no reason to move to something more complex. ... So you need to figure out what your security and group policy strategy is, then make your design. ... I am really disliking native delegation of security for user objects more and more as new apps come out and having rights to the users gives you rights to harm the apps, things like Exchange come to mind here where an admin who can directly manipulate user objects can cause nightmares for folks managing the Exchange Service. ...
    (microsoft.public.windows.server.active_directory)
  • Re: restrictions in effect
    ... I wonder if some security software installed on that client PC is causing your inability to change the home page. ... You could control the home page with a group policy, but it seems like that would be applying elsewhere besides this one PC. ... Then for the printing thing, I think I'd start by going to the IE Internet Options, Advanced tab, and click "Restore advanced settings." ...
    (microsoft.public.windows.server.sbs)
  • Re: lets vote for better security
    ... Liberals and security professionals who occassionally wear a black hat. ... Then MSFT started disabling things by default and a lot of the community ... Since when is an app responsible for the ... :>: default installation and be disable-able by Group Policy. ...
    (microsoft.public.security)
  • Re: Windows Update Error on XP 64bit: update is redirected from v6
    ... Proxycfg settings WORKED. ... Microsoft Windows 2000 Operating System Group Policy Result tool ... The user is a member of the following security groups: ...
    (microsoft.public.windowsupdate)
  • Re: lockdown desktop without Group Policy
    ... security groups were removed from the list. ... I can now no longer edit group policy. ... Logon as an administrator ... Create a new local group named "GP Editors" ...
    (microsoft.public.windows.terminal_services)