December 20th, 2001, 08:00 AM
File locking feature in Windows NT and 2000.
Oxygen3 24h-365d [File locking in Windows NT and 2000 - 12/19/01]
This newsletter arrived this morning and I found it interesting enough to want to share it with other people as well. This "feature" from Microsoft can be a nice way for "people" to use when gaining access to a system.
SecuriTeam has reported at windowsntfocus that Windows NT 4.0 and 2000 are affected by a file locking problem that could invalidate security policies established by administrators.
The problem arises when an application puts an exclusive lock on a file. When this happens, no further locks can be put on the file. The file locking mechanism does not check for file permissions or the mode in which the file is opened before locking it, which means that it's possible for an application with read-only access to lock it exclusively.
In Windows NT and 2000, if a file is locked exclusively by an application, no other application can access the file, irrespective of whether it is trying to lock the file or not. This can provoke denial of service situations. For example, a user without privileges can stop security policies and logon scripts; prevent the screensaver from being used and therefore stop another user from locking the computer; and even deny access to other users.
December 20th, 2001, 08:24 AM
Hmm, this is what Microsoft was trying to say...
"Users don't want to use software that is so secure that they can't use it"
I guess they don't know how to balance both usability and security..