|
FYI, anyone can contact [EMAIL PROTECTED] and get a
fairly quick response. I have met several of the people who handle that
alias and they are all very good very bright people and are very responsive. You
don't need to go through someone like[1] Russ to get info into MS about security
issues. If you contact secure and don't get some form of response in short order
(a day or two), email me and I will throw it at the MS/MVP Security list as a
lot of the folks involved with [EMAIL PROTECTED] are on that list and
we are supposed to relate any issues we hear about there. I am a Security MVP as
well as a Directory Services MVP and want to make sure the right info is going
out and security is being handled properly.
joe
[1] I *may* mean especially. I killed NTBUGTRAQ as a DL I
watched a long time ago.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 6:45 PM To: [email protected] Subject: RE: [ActiveDir] 2003 SP1 RTM I was only able to get
Microsoft’s attention last year because I had originally contacted Russ Cooper
and of course he has good contacts with the security team there. I’ll have to
dig through my mail archive to find out who it was that took the case from the
security team. Deji, if you want I
will provide you details off-list so you can know exactly what I’m talking
about. Regards, Lou From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] OK, this is news – to
me. Do you want it chased, or are you in a position to get a direct MS opinion
on it yourself? Since ~Eric has chimed in, I think we should hand it off to him
J Deji From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Lou Vega All in all, not an
earth shattering bug, but still something that in my opinion really needs to be
fixed. Since I told Microsoft
Security I wouldn’t release details on this bug until they had a chance to fix
it, I won’t go into the details here. However, since it has been since May 2004
and they apparently have not addressed it in the current SP, I’ll say
this….Basically it was a bug where you could effectively disable the Restricted
Groups feature of Group Policy allowing anyone to remain in the group even if it
was listed as Restricted. As an added bonus, the OS doesn’t even generate any
event log entries…all Security Policy refreshes are listed with no problems in
the event log. It’s not remotely exploitable or anything like that; just
something that I really felt should be addressed. Regards, Lou From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] Lou, what security fix are you asking about? I am in
Security, and I’ve been doing SP1 for a while now, so I may be able to respond
in less that 11 words ;) Or, I may be able to chase it up for
you. Deji -----Original Message----- FWIW - I just installed it on a test server (domain
controller for a "play network") and it appears fine at the moment. If there
are any Microsoft Security Team folks on board listening, I'm personally
curious to see if a particular fix has been added to this SP since I was
told it would be when I reported a problem last May. Upon the initial install of
the SP, it would appear as if it were not
fixed. r/ Lou -----Original Message----- From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Dave A. Marquis Sent: Thursday, March 31, 2005 11:37
AM Subject: RE: [ActiveDir] 2003 SP1
RTM I am certainly going to be waiting to install this one
for a while........ to many changes to jump right into
it. David A. Marquis Computer Systems
Administrator List info :
http://www.activedir.org/List.aspx List FAQ :
http://www.activedir.org/ListFAQ.aspx List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/ |
- RE: [ActiveDir] 2003 SP1 RTM joe
- RE: [ActiveDir] 2003 SP1 RTM joe
- RE: [ActiveDir] 2003 SP1 RTM joe
- RE: [ActiveDir] 2003 SP1 RTM Ruston, Neil
- Re: [ActiveDir] 2003 SP1 RTM Phil Renouf
- RE: [ActiveDir] 2003 SP1 RTM Francis Ouellet
