Microsoft KB Archive/259401

= Active Directory Objects May Be Modified Programmatically =

PSS ID Number: 259401

Article Last Modified on 9/23/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q259401



NOTE: The vulnerability only affects the above products when they are used as domain controllers.



SYMPTOMS
If a user has permission to modify an attribute in an object, it may be possible programmatically to also modify attributes in the same object to which the person does not have permissions to modify.



CAUSE
This behavior occurs because it is possible to modify an attribute that the user does not have permission to modify, as long as the operation is combined in a particular way with one involving an attribute that the user does have permission to modify.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The following file is available for download from the Microsoft Download Center:

Download Q259401_W2K_SP1_x86_en.exe now

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

This problem was first corrected in Windows 2000 Service Pack 1.



MORE INFORMATION
For more information about this vulnerability, please see the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-026.asp

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Additional query words: Active Directory tailgate Lightweight Access Protocol (LDAP)

Keywords: kbbug kbfix kbgraphxlinkcritical kbQFE kbWin2000SP1Fix KB259401

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.