@stake has reported a vulnerability in the MS NTFS filesystem that lets a local user access a file without the access being audited under the file's real name. A local user can create a hard link to an existing file on the disk. The auditing mechanism of Windows NT and Windows 2000 does not properly track hard links and produces some 'erroneous results'. When a local user accesses a file through a hard link, the name of the true file being accessed does not appear in the security event log. The file name of the hard link appears in the event log instead, but the hard link can be deleted after the file has been accessed, removing any trace of the file access activity.
A fix is available in Windows 2000 SP3. Windows XP and the .NET Server beta were fixed before they shipped.
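As an added example (not part of the @stake report), the following Python sketch shows how an administrator could list any additional hard-link names that currently point at audited files, so that a log entry naming a link can be tied back to the real file. The function names, directory layout and file names are hypothetical, and the check assumes the platform reports a volume ID, file ID and link count through `os.stat`.

```python
import os
import tempfile


def find_hardlink_aliases(audited_paths, search_root):
    """Map each audited path to other names under search_root for the same file."""
    wanted = {}
    for p in audited_paths:
        st = os.stat(p)
        if st.st_nlink > 1:  # only files that currently have extra names
            wanted[(st.st_dev, st.st_ino)] = os.path.realpath(p)
    aliases = {os.path.realpath(p): [] for p in audited_paths}
    if not wanted:
        return aliases
    # Hard links cannot cross volumes, so search_root should be on the same volume.
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            candidate = os.path.realpath(os.path.join(dirpath, name))
            try:
                st = os.stat(candidate)
            except OSError:
                continue  # unreadable or vanished entry
            target = wanted.get((st.st_dev, st.st_ino))
            if target and candidate != target:
                aliases[target].append(candidate)
    return aliases


def demo():
    """Constructed sample: one audited file and one hard link in another directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "secure"))
        os.makedirs(os.path.join(root, "scratch"))
        audited = os.path.join(root, "secure", "payroll.txt")
        link = os.path.join(root, "scratch", "notes.txt")
        with open(audited, "w") as fh:
            fh.write("constructed sample data\n")
        os.link(audited, link)  # second name for the same file
        before = find_hardlink_aliases([audited], root)
        os.remove(link)  # once the link is gone, nothing points back to it
        after = find_hardlink_aliases([audited], root)
        key = os.path.realpath(audited)
        return [os.path.basename(p) for p in before[key]], after[key]


if __name__ == "__main__":
    print(demo())
```

The second scan in `demo()` returns nothing because the link has been deleted, which is why such a check only helps while the extra name still exists.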