Microsoft Windows Active Directory policy bypass

by Mario Miri on April 16th, 2003

A vulnerability in the way a domain controller (DC) manages the Schema and Configuration partitions could allow an attacker to manipulate the Schema and Configuration partitions on other DCs. This could cause serious problems in an existing Windows domain. Due to weak permissions, an Administrator user is allowed to execute certain services in the SYSTEM context to manipulate the Schema and Configuration partitions.


Vulnerable:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 2000 Terminal Services SP3


Solution:
Currently there are no vendor-supplied patches.
A suggested workaround is to remove SYSTEM permissions from the Schema and Configuration partitions. This may cause other problems.
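
Because the workaround may cause other problems, it helps to list exactly which permissions SYSTEM holds on each partition before changing anything. The following is an added example, not part of the original advisory: it parses a partition's security descriptor in SDDL form and reports the allow-ACEs granted to SYSTEM. The function names and the sample SDDL strings are constructed for illustration.

```python
import re

# Directory-object access rights: SDDL code -> access-mask bit.
BITS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
    "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GX": 0x20000000,
    "GW": 0x40000000, "GR": 0x80000000,
}
# Rights that let the trustee change objects or the ACL itself.
MODIFY = {"CC", "DC", "SW", "WP", "DT", "SD", "WD", "WO", "GA", "GW"}
SYSTEM = {"SY", "S-1-5-18"}  # SDDL alias and SID of Local System

def rights_codes(field):
    """Return the set of right codes in an ACE rights field (codes or hex)."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {code for code, bit in BITS.items() if mask & bit}
    return set(re.findall("..", field)) & set(BITS)

def system_aces(sddl):
    """List allow-ACEs for SYSTEM in the DACL, with their modify rights."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    found = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip
        ace_type, flags, rights, obj_guid, _, trustee = fields[:6]
        if ace_type in ("A", "OA") and trustee in SYSTEM:
            codes = rights_codes(rights)
            found.append({
                "inherited": "ID" in re.findall("..", flags),
                "object": obj_guid or None,
                "rights": sorted(codes),
                "modify": sorted(codes & MODIFY),
            })
    return found

# Constructed sample SDDL strings (not taken from a real domain).
SAMPLES = {
    "Schema": "O:SAG:SAD:(A;;RPWPCCDCLCSWLOCRSDRCWDWO;;;SY)(A;;RPLCLORC;;;AU)",
    "Configuration": "O:EAG:EAD:PAI(A;CI;0x000f01ff;;;S-1-5-18)(A;;RPLCLORC;;;SY)S:(AU;SA;WP;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        for ace in system_aces(sddl):
            print(name, ace)
```

ACEs whose "modify" list is empty grant read-only access; the others are the entries the workaround would affect.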


Discovered by:
Rickard Berglind, [email protected]

