Security 10809 Published by

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows 2000. The vulnerability could
allow a malicious user to use repeated attempts to guess an account
password even if the domain administrator had set an account lockout
policy.

Frequently asked questions regarding this vulnerability and
the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-089.asp

Affected Software Versions
==========================
- Microsoft Windows 2000 Professional, Service Pack 1
- Microsoft Windows 2000 Server, Service Pack 1
- Microsoft Windows 2000 Advanced Server, Service Pack 1
- Microsoft Windows 2000 Datacenter, Service Pack 1

Note Windows 2000 Gold is not affected by this vulnerability.

Patch Availability
==================
- http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25606

Note: Windows 2000 users connected to a Windows 2000 domain, stand
alone Windows 2000 machines, and users of NT 4.0 do not need to take
any action.

Note: The Windows 2000 patch can be applied to systems running
Windows 2000 Service Pack 1. Users of Windows 2000 Gold are not
affected and do not need to take any action. This patch will be
included in Windows 2000 Service Pack 2.