漏洞信息详情

Microsoft Windows 2000目录服务储存模式空白密码漏洞

• CNNVD编号：CNNVD-200102-012
• 危害等级： 高危
  
• CVE编号： CVE-2001-0048
• 漏洞类型： 设计错误
• 发布时间： 2001-02-12
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： microsoft
• 漏洞来源： Discovered by John...

漏洞简介

Microsoft 2000域控制器\"Configure Your Server\"工具安装Directory Service Restore Mode空白密码。物理访问控制器的攻击者可以利用该漏洞安装恶意程序，也称为\"Directory Service Restore Mode Password\"漏洞。

漏洞公告

Microsoft has released patches which will eliminate this vulnerability. The patch also includes the SETPWD tool which allows the administrator to modify the value of the Directory Service Restore Mode and Recovery Console password. The command syntax for the tool is: SETPWD [/s:servername] Microsoft Windows 2000 Advanced Server

• Microsoft Q271641 http://download.microsoft.com/download/win2000platform/Patch/q271641/N T5/EN-US/Q271641_W2K_SP2_x86_en.EXE

• Microsoft Q271641 http://download.microsoft.com/download/win2000platform/Patch/q271641/N T5/EN-US/Q271641_W2K_SP2_x86_en.EXE

参考网址

来源: BID 名称: 2133 链接:http://www.securityfocus.com/bid/2133 来源: MS 名称: MS00-099 链接:http://www.microsoft.com/technet/security/bulletin/MS00-099.asp

受影响实体

• Microsoft Windows_2000:Server  
• Microsoft Windows_2000:Advanced_server  

补丁

暂无