Security Home > Windows NT, 2000 & XP > Windows 2000
Flaw in Windows 2000 Network Connection Manager New
A security vulnerability exists in the Windows 2000 Network Connection Manager which could allow an unprivileged user to run code of their choice with full system privileges.
Opening Group Policy Files Blocks Policy Application New
A vulnerability exists in the ability to lock Group Policy files and prevent other users from reading them. Without the ability to read Group Policy files, new policy settings could not be applied to the computer or to a user's session.
Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution New
A security vulnerability exists in the Telnet service of Microsoft Windows 2000 and Microsoft Interix 2.2 which could allow a remote user to cause a denial of service or to execute code of their choice on the system.
Access Violation in Windows 2000 IrDA Driver Can Cause System to Restart New
A security vulnerability exists in the Windows 2000 IrDA driver which could allow a malicious user to send a specially crafted IrDA packet to a victim's system causing an access violation and forcing a reboot.
Authentication Error in SMTP Service Could Allow Mail Relaying New
A vulnerability exists in the Windows 2000 SMTP service that could enable an unauthorized user to conduct mail relaying by using a Windows 2000 server.
Function Exposed via LDAP over SSL Could Enable Passwords to be Changed New
A security vulnerability exists in Windows 2000 when the LDAP server has been configured to support secure LDAP over SSL.
Predictable Name Pipes Could Enable Privilege Elevation via Telnet New
Numerous vulnerabilities exist in the Windows 2000 Telnet service which may allow a malicious attacker to escalate their user privileges or cause a denial of service attack.
Malformed Request to Domain Controller can Cause Memory Exhaustion New
A core service running on all Windows 2000 domain controllers contains a flaw affecting how it processes a certain type of invalid service request which could cause memory exhaustion.
Windows 2000 Event Viewer Contains Unchecked Buffer
A security vulnerability exists in the Windows 2000 event viewer which could allow an attacker to run code of their choice by exploiting an unchecked buffer.
Malformed Domain Controller Service Request Vulnerability
A core service running on all Windows 2000 domain controllers contains a flaw affecting how it processes a certain type of invalid service request which could cause CPU exhaustion.
Network DDE Agent Request Vulnerability New
A security vulnerability exists in Microsoft® Windows® 2000 which, under certain conditions, allow an attacker to gain complete control over an affected machine.
Invalid RDP Data Vulnerability New
A security vulnerability exists affecting Microsoft® Windows® 2000 terminal servers which could allow an attacker to cause an affected server to fail.
Domain Account Lockout Vulnerability
A security vulnerability exists in Microsoft® Windows 2000 which could allow a malicious user to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy.
Indexing Services Cross Site Scripting Vulnerability
A security vulnerability exists in Microsoft® Indexing Services for Windows 2000 which could allow a malicious web site operator to misuse another web site as a means of attacking users.
ActiveX Parameter Validation Vulnerability
A security vulnerability exists in Microsoft® Windows 2000 which could allow enable a malicious user to potentially run code on another user’s machine.
Simplified Chinese IME State Recognition Vulnerability
A security vulnerability exists in Microsoft® Windows® 2000 which could allow a malicious user to gain full control of a system if a Chinese Input Method Editor (IME) is installed.
Telnet Client NTLM Authentication Vulnerability
A security vulnerability exists in the telnet client that ships with Microsoft® Windows 2000 which could allow a malicious user to obtain cryptographically protected logon credentials from another user.
Malformed RPC Packet Vulnerability
If a malicious user transmits a malformed Remote Procedure Call (RPC) client packet to a Windows 2000-based computer, the RPC Server service on the host computer may stop responding (hang).
Still Image Service Privilege Escalation Vulnerability
Windows 2000 includes the Still Image service that exposes a vulnerability which could enable a standard user to escalate his or her local privilege level to that of the System.
Local Security Policy Corruption Vulnerability
A security vulnerability exists in Microsoft® Windows® 2000 which could allow a malicious user to disrupt normal operation of an affected machine, and potentially of an entire network.
Service Control Manager Named Pipe Impersonation Vulnerability
It may be possible for a non-privileged user to elevate their existing security context to that of a service that was started by Service Control Manager (SCM). A malicious user could use a named pipe connection to instruct a Windows 2000-based computer to start a pre-defined process that has a security permission higher than the actual security permission that is assigned to the user.
Telnet Server Flooding Vulnerability
A security vulnerability exists in the Telnet Server that ships as part of Microsoft® Windows 2000 which could allow a malicious user to prevent an affected machine from providing Telnet services.
Desktop Separation Vulnerability
A security vulnerability exists in Microsoft® Windows® 2000 which could allow a malicious user to gain additional privileges on a machine that they could log onto at the keyboard.
Protected Store Key Length Vulnerability
A security vulnerability exists in Microsoft® Windows® 2000 which could make it easier for a malicious user who had complete control over a Windows 2000 machine to compromise users' sensitive information.
Mixed Object Access Vulnerability
A security vulnerability exists in Microsoft® Windows® 2000 that could, under very specific conditions, allow a malicious user to change information in the Active Directory that they should not be able to change.