• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability

Solution:
Microsoft has released patches which will eliminate this vulnerability. The patch also includes the SETPWD tool which allows the administrator to modify the value of the Directory Service Restore Mode and Recovery Console password. The command syntax for the tool is:

SETPWD [/s:servername]


Microsoft Windows 2000 Advanced Server

• Microsoft Q271641
  http://download.microsoft.com/download/win2000platform/Patch/q271641/N T5/EN-US/Q271641_W2K_SP2_x86_en.EXE

Microsoft Windows 2000 Server

• Microsoft Q271641
  http://download.microsoft.com/download/win2000platform/Patch/q271641/N T5/EN-US/Q271641_W2K_SP2_x86_en.EXE