WideOpenNews: Novell Rains on Microsoft's ParadeFeb 16, 2000, 01:06 (2 Talkback[s])
"Novell claims that its engineers have uncovered a substantial security glitch in the Windows Active Directory. Microsoft's directory is a fundamental part of the Windows 2000 Server, and according to The Industry Standard, one of the most difficult parts of the W2K package to upgrade. A network directory enables administrators to both track and manage resources on remote networks -- users or applications, for example. The Standard notes that Microsoft's retooled directory makes it easier for IT staff "to manage information, users, security and domain structure across large internal networks.'
That's a big part of the problem, according to Novell. Novell reports that while Active Directory reduces the administration required with multiple domains, it opens up access to more sensitive parts of the network. 'A security flaw exists whereby a blocked administrator can effectively remove this block, thus enabling access to sensitive corporate assets. This security issue was duplicated on multiple Windows 2000 Servers in different configurations. All Windows 2000 Servers were running Build 2195, the final release of the Windows 2000 operating system.'
Microsoft has vehemently denied the claims. According to News.com, Novell brought the hole to Redmond's attention on Friday, but company engineers have since been unable to find the alleged hole. Steve Lipner, manager of Microsoft's Security Center told News.com that the found hole was in fact an oversight on Novell's part."
0 Talkback[s] (click to add your comment)