VULHUB ™

Microsoft Security Advisory MS02-070 - A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP enables attackers to silently downgrade the SMB Signing settings on an affected system, causing either or both systems to send unsigned data regardless of the signing policy the administrator had set. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. Doing this, the attacker can take actions such as adding users to the local Administrators group or installing and running code of his choice on the system.

Microsoft Security Advisory MS02-070 - A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP enables attackers to silently downgrade the SMB Signing settings on an affected system, causing either or both systems to send unsigned data regardless of the signing policy the administrator had set. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. Doing this, the attacker can take actions such as adding users to the local Administrators group or installing and running code of his choice on the system.