Critical Vulnerability Found in Domain Controllers

Microsoft alerted users to a critical unchecked buffer vulnerability in a service that is enabled by default on Windows 2000 and Windows NT 4.0 domain controllers.

The alert was one of three security alerts that Microsoft sent to users on Wednesday night. The other new security holes both rate as "moderate" vulnerabilities in Microsoft's threat risk scale. The affected products are Content Management Server 2001 and Outlook 2002. The three alerts were the first batch of security bulletins out of Redmond for 2003.

The critical problem in Windows 2000 and Windows NT 4.0 domain controllers involves the Locator service, which maps logical names to network-specific names. The service is present in Windows NT 4.0, Windows 2000 and Windows XP, although it is only enabled by default in domain controllers.

According to Microsoft, the vulnerability could allow code of an attacker's choice to be executed. To exploit the vulnerability, an attacker would have to send a specially malformed request to the Locator service. Microsoft contends that a properly configured firewall would block Internet-based attackers from exploiting the hole.

A patch for the vulnerability is available at

Microsoft developed a cumulative patch in fixing the new flaw affecting Content Management Server 2001. The flaw, which does not affect the newer Content Management Server 2002, requires an attacker to follow a complex series of technical and social engineering steps, one of which would be to lure a victim user to a page. Once there, the attacker could wrongfully obtain information disclosed by the user.

The cumulative patch can be found at

The Outlook 2002 flaw addressed in the third bulletin could result in supposedly encrypted messages being sent in plain text. When users select a less common method of encryption, known as V1 Exchange Server Security Certificates, their HTML e-mail messages can go out in plain text.

"As a result of this flaw, Outlook fails to encrypt the mail correctly and the message will be sent in plain text. This could cause the information in the e-mail to be exposed when the user believed it to be protected through encryption," Microsoft's security bulletin reads.

A patch for the Outlook 2002 flaw is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.