PT-2005-3998 · Microsoft · Windows 2000

Published

2005-10-06

Updated

2008-09-05

CVE-2005-3176

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 before Update Rollup 1 for SP4

Description The issue concerns a lack of logging in security events, specifically when a Windows Terminal Services client connects successfully. This omission could facilitate attackers evading detection, as their IP addresses are not recorded in the security log.

Recommendations For Microsoft Windows 2000 before Update Rollup 1 for SP4, apply Update Rollup 1 for SP4 to ensure that IP addresses of connecting clients are properly logged in security events.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3176

Affected Products

Windows 2000

PT-2005-3998 · Microsoft · Windows 2000

CVE-2005-3176

Related Identifiers

Affected Products

References · 3