SYMPTOMS
Microsoft has released a security patch that resolves a vulnerability that
can allow a malicious user to use a brute-force password-guessing attack against a Windows 2000-based computer, even if the domain administrator has set an account lockout policy. Such an attack can target only the account of a user who previously logged on to the target computer, and whose logon credentials are cached on the computer.
NOTE: This vulnerability affects only computer that are running Windows 2000 Service Pack 1 (SP1) and are members of non-Windows 2000-based domains.
Additional information about this issue is available from the following
Microsoft Web site:
You can find frequently asked questions about this vulnerability at the following Microsoft Web site:
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
------------------------------------------------------
10/09/2000 04:22p 5.0.2195.2444 103,936 Msv1_0.dll
