Linux Today: Linux News On Internet Time.

More on LinuxToday

WideOpenNews: Novell Rains on Microsoft's Parade

Feb 16, 2000, 01:06 (2 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

"Novell claims that its engineers have uncovered a substantial security glitch in the Windows Active Directory. Microsoft's directory is a fundamental part of the Windows 2000 Server, and according to The Industry Standard, one of the most difficult parts of the W2K package to upgrade. A network directory enables administrators to both track and manage resources on remote networks -- users or applications, for example. The Standard notes that Microsoft's retooled directory makes it easier for IT staff "to manage information, users, security and domain structure across large internal networks.'

That's a big part of the problem, according to Novell. Novell reports that while Active Directory reduces the administration required with multiple domains, it opens up access to more sensitive parts of the network. 'A security flaw exists whereby a blocked administrator can effectively remove this block, thus enabling access to sensitive corporate assets. This security issue was duplicated on multiple Windows 2000 Servers in different configurations. All Windows 2000 Servers were running Build 2195, the final release of the Windows 2000 operating system.'

Microsoft has vehemently denied the claims. According to, Novell brought the hole to Redmond's attention on Friday, but company engineers have since been unable to find the alleged hole. Steve Lipner, manager of Microsoft's Security Center told that the found hole was in fact an oversight on Novell's part."

Complete Story

Related Stories: