Used Windows 2000 Domain Account Lockout Vulnerability Patch for Windows?


Windows 2000 Gold is not affected by this vulnerability. This patch will be included in Windows 2000 Service Pack 2. Domain Account Lockout vulnerability FAQ.

Editors’ Review

Download.com staff
This Microsoft patch addresses a critical security flaw in Windows 2000, preventing malicious users from bypassing account lockout policies via password guessing.
  • Pros
    • Eliminates a specific Windows 2000 security vulnerability.
    • Prevents bypass of domain account lockout policies.
    • Mitigates risks from brute force password attacks.
    • Ensures local machine adherence to security policies.
  • Cons
    • Only affects Windows 2000 machines in non-Windows 2000 domains.
    • Requires prior user login with cached credentials.
    • Does not prevent local machine login with guessed password.
    • Exploit does not grant domain or resource access.

Full Specifications

GENERAL
Release
Latest update
Version: MS00-089

OPERATING SYSTEMS
Platform: Windows
Operating System:
  • Windows 10
  • Windows 2000
Additional Requirements: None

POPULARITY
Total Downloads: 13,228
Downloads Last Week: 0


User Reviews

1/5

1 User Votes


Developer’s Description

Eliminate a Windows 2000 security vulnerability.
This patch eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow a malicious user to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy.

A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed on a local Windows 2000 machine, even if the domain administrator had set such a policy. The ability of a malicious user to avoid the domain account lockout policy could increase the threat from a brute force password-guessing attack.

This vulnerability only affects Windows 2000 machines that are members of non-Windows 2000 domains. In addition, the vulnerability only affects domain user accounts that have previously logged into the target machine and already have cached credentials established on that machine. If a domain account lockout policy is in place and an attacker attempts a brute force password-guessing attack, the domain user account will be locked out as expected at the domain controller. However, if the attacker is able to find the correct password, the local Windows 2000 machine will log the attacker on using cached credentials in violation of the account lockout policy. Although the attacker would be able to log on to the local machine, he or she would not be able to authenticate to the domain or gain access to resources on other machines in the domain.

