Reported November 23, 2000 by Microsoft

VERSIONS AFFECTED
  • Microsoft Windows 2000 Service Pack 1

DESCRIPTION

Microsoft has released a security bulletin, MS00-089, to address an issue with Windows 2000, all versions running SP1.  A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed.  

VENDOR RESPONSE

Microsoft has released a security bulletin, MS00-089 and patches to repair the vulnerability.

A patch is available at;

 http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25606

CREDIT
Discovered by
Brett Finch