- home
- reviews
- news
- downloads
- cnet tv
HOLIDAY HELP DESK: Broadcasting live at 1:00 p.m., PT
- log in
- join CNET
- welcome,
- my profile
- log out

Windows 2000 Domain Account Lockout Vulnerability Patch MS00-089

Quick specs
Price: Free
Operating system:
Date added: November 28, 2000
Total Downloads: 9,712
Downloads last week: 1
See full specifications

Add to my list Add to my Watch List

Download Now (3.52MB)

Tested spyware free

Average user rating: 3.0 stars out of 4 votes
See all user reviews

Publisher's description

From Microsoft :

This patch eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow a malicious user to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy.

A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed on a local Windows 2000 machine, even if the domain administrator had set such a policy. The ability of a malicious user to avoid the domain account lockout policy could increase the threat from a brute force password-guessing attack.

This vulnerability only affects Windows 2000 machines that are members of non-Windows 2000 domains. In addition, the vulnerability only affects domain user accounts that have previously logged into the target machine and already have cached credentials established on that machine. If a domain account lockout policy is in place and an attacker attempts a brute force password-guessing attack, the domain user account will be locked out as expected at the domain controller. However, if the attacker is able find the correct password, the local Windows 2000 machine will log the attacker on using cached credentials in violation of the account lockout policy. Although the attacker would be able to log on to the local machine, he or she would not be able to authenticate to the domain or gain access to resources on other machines in the domain.

CNET Editor's Note: Windows 2000 Gold is not affected by this vulnerability. This patch will be included in Windows 2000 Service Pack 2. Domain Account Lockout vulnerability FAQ.

Visual Studio Pro 2010

Write better-quality code, reduce security-related issues, and avoid bugs later in the development lifecycle.

Download Now

More popular Encryption Software downloads

34,431 downloads 1. Hotspot Shield
11,215 downloads 2. RoboForm
8,899 downloads 3. Computer Use Reporter
6,431 downloads 4. Folder Lock
4,399 downloads 5. RAR Password Cracker
See all Encryption Software downloads

J. River Media Center

Organize and play audio, video, images, TV, Web media.

Download Now

User reviews

Average user rating: 0 stars Not yet available
My rating: 0 stars Write review

Showing 1 of 1 user reviewSee 1 user review
This software version | All versions
1 stars

Version: Windows 2000 Domain Account Lockout Vulnerability Patch MS00-089

"The patch doesn't work."

on March 11, 2001

Summary: Well I was happy there was a patch. But became nearly crazy because it did not work. The patch sucks.

Was this review helpful? YES | NO

Report this post Email this post Permalink to this post

Reply to this review
See 1 user review Write review

Submit your review

Windows 2000 Domain Account Lockout Vulnerability Patch MS00-089

ORLog in with your Facebook account

1. Rate this product:: (Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.): 0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.): 0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.): 0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.): 0 of 5000 characters; Submit