Overview
A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings.
Description
When a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The settings are stored in the Active Directory in an object called the Group Policy Object (GPO). Because the GPO supports file locking like other file system objects, a local attacker may be able to obtain an exclusive-read lock on the GPO. While that lock is held, subsequent logons by all users of the system use the policy settings that were in effect before the lock was obtained, which may prevent recently updated policies from being applied to those logons. Although this affects all users of the system, Group Policy is applied transparently, so there would be no clear indication that the policy settings were not correctly applied.
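Because a blocked policy update gives no visible indication, one way to surface the condition is to check periodically that the policy files can still be opened and read. The PowerShell below is an added example, not code from this advisory or from Microsoft; the `-PolicyRoot` parameter and the function name `Test-PolicyFileReadable` are assumptions, and it expects PowerShell 3.0 or later.

```powershell
# Added example: list policy files that cannot be opened or read because
# another handle holds a conflicting lock on them.
# -PolicyRoot is an assumption: the folder that holds the policy files to check.
param(
    [Parameter(Mandatory = $true)]
    [string]$PolicyRoot
)

# Win32 error codes carried in the low 16 bits of IOException.HResult
$ERROR_SHARING_VIOLATION = 32   # file is open elsewhere without read sharing
$ERROR_LOCK_VIOLATION    = 33   # a byte range is locked by another handle

function Test-PolicyFileReadable {
    param([string]$Path)
    $stream = $null
    try {
        # Ask for read access only and permit every sharing mode, so this
        # probe never blocks the policy engine or any other reader.
        $share  = [System.IO.FileShare]'ReadWrite, Delete'
        $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, $share)
        # A byte-range lock only shows up on read, so read one byte.
        [void]$stream.ReadByte()
        return 'Readable'
    }
    catch {
        # Unwrap PowerShell's wrapper exception to reach the I/O error.
        $ex   = $_.Exception.GetBaseException()
        $code = $ex.HResult -band 0xFFFF
        if ($code -eq $ERROR_SHARING_VIOLATION) { return 'Locked (sharing violation)' }
        if ($code -eq $ERROR_LOCK_VIOLATION)    { return 'Locked (byte-range lock)' }
        return "Error: $($ex.Message)"
    }
    finally {
        if ($stream) { $stream.Dispose() }
    }
}

# Report only the files that could not be read.
Get-ChildItem -LiteralPath $PolicyRoot -Recurse -File |
    ForEach-Object {
        [pscustomobject]@{
            File   = $_.FullName
            Status = Test-PolicyFileReadable -Path $_.FullName
        }
    } |
    Where-Object { $_.Status -ne 'Readable' }
```

An empty result means every file under the folder could be opened and read at the time of the check; any row in the output names a file that a policy refresh would also fail to read.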
Impact
A local intruder who is able to gain an exclusive lock on the policy files may be able to prevent new policy settings from affecting subsequent logons.
Solution
Apply a Patch
Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:
Acknowledgements
This vulnerability was discovered by security.nnov.
This document was written by Cory F. Cohen.
Other Information
CVE IDs: CVE-2002-0051
Severity Metric: 4.17
Date Public: 2001-12-05
Date First Published: 2002-09-27
Date Last Updated: 2002-09-27 17:49 UTC
Document Revision: 7