Date: Wed, 07 Feb 2001 23:44:09 +0000
From: Paul Richards <paul@originative.co.uk>
To: chat@freebsd.org
Subject: Laugh: [Fwd: Microsoft Security Bulletin MS01-008]
Message-ID: <3A81DDC9.EF6D7D84@originative.co.uk>

These always amuse me when I get them, this one's more amusing than most.

Microsoft Product Security wrote:
>
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ---------------------------------------------------------------------
> Title: NTLMSSP Privilege Elevation Vulnerability
> Date: 07 February 2001
> Software: Windows NT 4.0
> Impact: Privilege Elevation
> Bulletin: MS01-008
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
> - ---------------------------------------------------------------------
>
> Issue:
> ======
> A flaw in the NTLM Security Support Provider (NTLMSSP) service could
> potentially allow a non-administrative user to gain administrative
> control over the system. In order to perform this attack the user
> would need a valid login account and the ability to execute arbitrary
> code on the system.
>
> Mitigating Controls:
> ====================
> - This vulnerability could only be exploited by an attacker
>   who could log onto the affected machine interactively.
>
> - Servers could only be affected if the attacker were given the
>   ability to load a program of her choice onto the machine and
>   execute it locally. Best practices recommend against this.

You've gotta laugh really, a root compromise exists and the mitigating controls are to not let anyone use the box!

Paul.