Flaw in Win 2000, NT 4.0 makes domains ‘too trusting’
Source: Network World Fusion
A flaw in the way Microsoft's Windows 2000 and NT 4.0 server operating systems authenticate users across domains could allow somebody with administrator privileges to extend that power to other domains, Microsoft warned Wednesday.
Although the flaw is "extremely difficult" to exploit, the worst case scenario associated with it is "serious," Microsoft said in a security bulletin. Administrators are encouraged to consider installing a software fix, if physical and personnel security considerations indicate sufficient risk, the software maker said.
The flaw lies in the trust relationships between network domains in Win 2000 and NT 4.0 environments. The trusting domain does not verify that the trusted domain is actually authoritative for all the security identifiers (SID) in the authorization data, allowing an attacker to increase his or her access level, Microsoft said.