This update resolves the "Domain Account Lockout" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-089. Download now to ensure that the Account Lockout Policy helps prevent unauthorized access to the computers in your network.
Under very specific conditions, a malicious user can try repeatedly to guess an account password, even if the domain administrator has set the Account Lockout Policy to disable the account after a specified number of attempts to access it.
A number of factors limit the scope of this vulnerability:
This vulnerability affects only computers running Windows 2000 on a non-Windows 2000 domain. Stand-alone Windows 2000 computers and Windows 2000 computers on a Windows 2000 domain are not vulnerable.
A password-guessing attack is restricted to domain accounts that have cached the logon credentials of an authorized user.
If a malicious user guesses the correct password, he or she can use it only to log on to the local computer. The domain Account Lockout Policy still prevents a domain controller from authenticating an unauthorized user, and it prevents a malicious user from accessing other computers in the domain using the guessed password.
For more information about this vulnerability, read Microsoft Security Bulletin MS00-089.
This update applies to Windows 2000 Professional, Service Pack 1. Windows 2000 without Service Pack 1 is not affected by this vulnerability.