COMMAND

    kernel

SYSTEMS AFFECTED

    Microsoft Windows 2000 Professional, Server and Advanced Server

PROBLEM

    The following is based on a Microsoft Security Bulletin (MS00-062).
    This vulnerability could allow  a malicious user to  corrupt parts
    of  a  Windows  2000  system's  local  security  policy,  with the
    effect  of  disrupting  domain  membership  and trust relationship
    information.   If  a  workstation  or  member server were attacked
    via this  vulnerability, it  would effectively  remove the machine
    from the domain; if a domain controller were attacked, it could no
    longer process  domain logon  requests.   Recovering from  such an
    attack would likely require that a known-working configuration  be
    restored from backup.

    It would not be necessary to be an authenticated domain member  in
    order to  mount an  attack via  this vulnerability.   Any user who
    could establish an RPC connection with an affected machine and send
    the proper command sequence to it could exploit the vulnerability.
    If  the  malicious  user  were  an  intranet user, he could likely
    attack any machine within the network; if the malicious user  were
    on  the  Internet,  he  could  likely  attack only machines on the
    network edge that allow RPC connections.

    The vulnerability was discovered  by an internal security  team at
    Microsoft, and, to the best of our knowledge, it is not  known "in
    the wild".  Nevertheless,  because of the serious  consequences of
    the  vulnerability,  Microsoft  encourages  all Windows 2000 users
    to  either  apply  the  patch  or  Windows  2000  Service  Pack  1
    immediately.

SOLUTION

    Microsoft Windows 2000 Datacenter  Server is not affected  by this
    vulnerability.  Patch availability:

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24019