Flaw in SMB Signing Could Enable Group Policy to be Modified

By Thomas McGuire on December 12, 2002, 1:08 PM
Issue:
A flaw in the implementation of SMB Signing in Windows 2000 & Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system. To do this, the attacker would need access to the session negotiation data as it was exchanged between a client and server, & would need to modify the data in a way that exploits the flaw. This would cause either or both systems to send unsigned data regardless of the signing policy the administrator had set. After having downgraded the signing setting, the attacker could continue to monitor the session & change data within it; the lack of signing would prevent the communicants from detecting the changes.

Affected Software:
Microsoft Windows 2000
Microsoft Windows XP

Patch availability:
Microsoft Windows 2000:
All languages except NEC Japanese
Japanese NEC

Microsoft Windows XP:
32-bit Edition
64-bit Edition

Note - This update is already included in XP Service Pack 1.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.