WINDOWS 2000 SECURITY HOLE

From: IT_OPS (IT_OPS_at_discussions.microsoft.com)
Date: 01/27/05


Date: Thu, 27 Jan 2005 02:09:02 -0800

I have seen a very big security hole in my network. I have a single Windows
domain, and the DC is acting as file and print server, running on SP4. One
normal user without any admin rights, from XP, can access all the shares and
completely administer them, delete files, and see the security log; I mean he
can do everything. If the same user goes to another PC, he cannot access
anything, meaning it is normal. After that I updated the server with all
security patches released after SP4, and on the client I put XP SP2, but still
that user with that profile has admin rights.

One more thing: if I delete his profile and he then logs on, everything is
normal. That means it is something on that PC with his profile; if others log
on to the same PC, it is normal.

My management, after seeing this, wants to completely remove Windows OS from
the network. Please, can anybody help me understand why this happened?


