Reported December 20 by Microsoft

VERSIONS AFFECTED
  • Microsoft Windows 2000

DESCRIPTION

The Configure Your Server feature in Windows 2000 creates a blank password on the OS's Directory Services Restore Mode feature.  A malicious user with physical access to the server could use this feature as an access point to change, delete, or corrupt configuration options.

VENDOR RESPONSE

Microsoft has issued a security bulletin, MS00-099 and a patch that is available at the following URL;

http://www.microsoft.com/Downloads/Release.asp?releaseID=26483

CREDIT
Discovered b
y John Sherriff, Wool Research Organization