VULHUB ™

A potential vulnerability has been reported in Windows 2000 that could allow a domain controller to be spoofed. The vulnerability exists because the function MyGetSidFromDomain calls the insecure DsGetDCName API. Precise details of this vulnerability are not available at this time. This record will be updated when more information becomes available. This issue was announced with the release of Microsoft Windows 2000 SP4. BID 8045 was sent out to acknowledge the release of this service pack and the announcement of a number of new vulnerabilities. Analysis of these issues is completed and each of the issues is now being assigned its own BID.

A potential vulnerability has been reported in Windows 2000 that could allow a domain controller to be spoofed. The vulnerability exists because the function MyGetSidFromDomain calls the insecure DsGetDCName API. Precise details of this vulnerability are not available at this time. This record will be updated when more information becomes available. This issue was announced with the release of Microsoft Windows 2000 SP4. BID 8045 was sent out to acknowledge the release of this service pack and the announcement of a number of new vulnerabilities. Analysis of these issues is completed and each of the issues is now being assigned its own BID.