Suggest A Fix PC Support Forums > MS Alert: 2000 Default Permissions vunerability

Full Version: MS Alert: 2000 Default Permissions vunerability

Suggest A Fix PC Support Forums > Security > Security News and Warnings

Interceptor

Aug 5 2002, 06:08 PM

Windows 2000 system partition uses weak default permissions. According to the report, the system partition itself has 'Everyone/Full Control' access permissions by default. Users with Full Control NTFS permissions for a folder can reportedly delete any file from the folder regardless of the individual file permissions. A local user can gain ownership rights and get full control over any system file located in root of system partition.

While there is no solution available from Microsoft, the author of the report has suggestaed a workaround: Replace Full Control permissions for the Everyone group with any reasonable set of permissions for all root folders.

Reported by: Security.nnov

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.