Reported December 11, 2002, by Microsoft.



· Microsoft Windows XP (prior to Service Pack 1--SP1)
· Microsoft Windows 2000





A new vulnerability exists in Microsoft Server Message Block (SMB) that can permit an attacker to silently downgrade the SMB Signing settings on a vulnerable system. This vulnerability can expose any SMB session to tampering, but the most serious scenario involves changing Group Policy information as it's disseminated from a Win2K domain controller (DC) to a newly logged-on network client.




Microsoft has released Security Bulletin MS02-070, "Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin. This patch is included in XP SP1 and will be included in Win2K SP4.



Discovered by Microsoft.