CVE-1999-1358 — MEDIUM (4.6)

Vulnerability Description

When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Microsoft	Windows 2000	All versions
Microsoft	Windows Nt	All versions

References

http://support.microsoft.com/support/kb/articles/q157/6/73.aspPatchVendor Advisory
http://www.iss.net/security_center/static/7400.php
http://support.microsoft.com/support/kb/articles/q157/6/73.aspPatchVendor Advisory
http://www.iss.net/security_center/static/7400.php

FAQ

What is CVE-1999-1358?

CVE-1999-1358 is a vulnerability with a CVSS score of 4.6 (MEDIUM). When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to by...

How severe is CVE-1999-1358?

CVE-1999-1358 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-1999-1358?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt.