Vulnerability Description
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 Terminal Services | All versions |
References
- http://www.iss.net/security_center/static/8813.php
- http://www.securityfocus.com/archive/1/266729
- http://www.securityfocus.com/bid/4464
- http://www.iss.net/security_center/static/8813.php
- http://www.securityfocus.com/archive/1/266729
- http://www.securityfocus.com/bid/4464
FAQ
What is CVE-2002-0444?
CVE-2002-0444 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share...
How severe is CVE-2002-0444?
CVE-2002-0444 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0444?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000 Terminal Services.