Windows 2000 system vulnerabilities, completely solved (1)
From:    Author: Stand originally









Logon input method flaw
We start with a logon flaw, the one usually called the input method flaw. At the Windows 2000 logon prompt, any user can open the help for the various input methods, and some of the functions available there can access the file system. In other words, the Windows 2000 logon authentication mechanism can be bypassed and the whole system accessed with the highest administrator privileges. The harm of this flaw is therefore very great, and once someone is in the system, the flaw can also be used to attack the system remotely through Terminal Server. The input methods shipped with a default Windows 2000 installation that have this flaw are: Intelligent ABC, Microsoft Pinyin, Internal Code, Quanpin, Shuangpin and Zheng Code. So in my view this is the first flaw that should be fixed.

1, Remove the input methods you do not need, for example Zheng Code.

2, We cannot remove every bundled input method, though. If we want to keep using a vulnerable input method, it is also enough to delete that input method's help file. These help files are normally in the Win2000 installation directory (for example, under the Help directory of C:\WINNT). The corresponding help files are:

※ WINIME.CHM: input method operation guide
※ WINSP.CHM: Shuangpin input method help
※ WINZM.CHM: Zheng Code input method help
※ WINPY.CHM: Quanpin input method help
※ WINGB.CHM: Internal Code input method help

3, Microsoft issued security bulletin MS00-069 for this problem and published patches on the Internet for Simplified Chinese Windows 2000 and English Windows 2000. Apply the patch as soon as possible.
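An added example, not part of the original article: a check for step 2 that reports which of the listed help files are still present in a Help directory, whether on the live system or on a mounted copy of the volume. The function names, the case-insensitive match and the default path are assumptions made for this example.

```python
import os

# Help files named in step 2, keyed by upper-case filename.
IME_HELP_FILES = {
    "WINIME.CHM": "input method operation guide",
    "WINSP.CHM": "Shuangpin input method help",
    "WINZM.CHM": "Zheng Code input method help",
    "WINPY.CHM": "Quanpin input method help",
    "WINGB.CHM": "Internal Code input method help",
}


def remaining_ime_help(help_dir):
    """Return {actual filename: description} for listed help files still present.

    Names are compared case-insensitively, because a Windows volume inspected
    from another OS may show winime.chm where the article writes WINIME.CHM.
    """
    found = {}
    for entry in os.listdir(help_dir):
        desc = IME_HELP_FILES.get(entry.upper())
        # Ignore directories that merely share a listed name.
        if desc and os.path.isfile(os.path.join(help_dir, entry)):
            found[entry] = desc
    return found


def audit(help_dir):
    """Return (ok, report_lines); ok is True only when no listed file remains."""
    if not os.path.isdir(help_dir):
        return False, ["cannot read %s: not a directory" % help_dir]
    found = remaining_ime_help(help_dir)
    lines = ["%s still present (%s)" % (n, d) for n, d in sorted(found.items())]
    return (not found), lines or ["no listed input method help files found"]


if __name__ == "__main__":
    import sys
    # Assumed default: the Help directory of C:\WINNT, as in the article.
    ok, report = audit(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINNT\Help")
    print("\n".join(report))
    sys.exit(0 if ok else 1)
```

A clean result only confirms that the help files are gone; it says nothing about whether the MS00-069 patch from step 3 is installed.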

NetBIOS information leak
Next we talk about intrusion through NetBIOS shares. This problem has never been solved since NT was first released, and it has always been the most common intrusion method against the NT architecture. Particularly worth mentioning is the IPC$ null session (Null Session), a known security risk in NT systems. After SP3 it could be restricted by modifying the registry, but for some reason Windows 2000 still preserves this null session intact. So let us see what kind of information a null session can give an intruder:
net use \\Server\IPC$ "" /user:""   // this command establishes a null session
net view \\Server   // this command lists the shared resources of the remote server

Server name    Remark
-------------------------------------------------------
Pc1
Pc2