Test ID:	1.3.6.1.4.1.25623.1.0.11215
Category:	Windows : Microsoft Bulletins
Title:	Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
Summary:	The SMB signing capability in the Server Message Block; protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital; signing settings in an SMB session to force the data to be sent unsigned, then inject data; into the session without detection, e.g. by modifying group policy information sent from a; domain controller.
Description:	Summary: The SMB signing capability in the Server Message Block protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller. Affected Software/OS: - Microsoft Windows 2000 - Microsoft Windows XP Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1256 BugTraq ID: 6367 http://www.securityfocus.com/bid/6367 Microsoft Security Bulletin: MS02-070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277 XForce ISS Database: win-smb-policy-modification(10843) https://exchange.xforce.ibmcloud.com/vulnerabilities/10843
Copyright	Copyright (C) 2003 SECNAP Network Security

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.