Description
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
Products
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Japanese Server
- Microsoft Windows 2000 Advanced Server Service Pack 1
- Microsoft Windows 2000 Datacenter Server Service Pack 1
- Microsoft Windows 2000 Service Pack 1 Professional
- Microsoft Windows 2000 Service Pack 1 Server
- Microsoft Windows 2000 Advanced Server Service Pack 2
- Microsoft Windows 2000 Datacenter Server Service Pack 2
- Microsoft Windows 2000 Professional Service Pack 2
- Microsoft Windows 2000 Service Pack 2
- Microsoft Windows 2000 Service Pack 3 Advanced Server
- Microsoft Windows 2000 Service Pack 3 Datacenter Server
- Microsoft Windows 2000 Service Pack 3 Professional
- Microsoft Windows 2000 Service Pack 3 Server
- Microsoft Windows 2000 Japanese Server Edition
- Microsoft Windows 2000 Datacenter Server Edition
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server Edition
- Microsoft Windows 2000 Service Pack 1 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 1 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 1 Professional Edition
- Microsoft Windows 2000 Service Pack 1 Server Edition
- Microsoft Windows 2000 Service Pack 2 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 2 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 2 Professional Edition
- Microsoft Windows 2000 Service Pack 2 Server Edition
- Microsoft Windows 2000 Service Pack 3 Advanced Server Edition
- Microsoft Windows 2000 Service Pack 3 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 3 Professional Edition
- Microsoft Windows 2000 Service Pack 3 Server Edition
- Microsoft Windows 2000 Service Pack 4 Datacenter Server Edition
- Microsoft Windows 2000 Service Pack 4 Professional Edition
- Microsoft Windows 2000 Service Pack 4 Server Edition
- Microsoft Windows XP on x64
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Gold Professional
- Microsoft Windows XP SP1 on X64
- Microsoft Windows XP SP1 Home Edition
- Microsoft Windows XP Embedded Edition (XPe) on x64
- Microsoft Windows XP Home Edition on Itanium
- Microsoft Windows XP Home Edition on x64
- Microsoft Windows XP Home Edition on x86
- Microsoft Windows XP Media Center Edition on x64
- Microsoft Windows XP Professional Edition on x64
- Microsoft Windows XP Starter Edition on x64
- Microsoft Windows XP Tablet PC Edition on x64
- Microsoft Windows XP Gold Professional Edition
- Microsoft Windows Xp - Gold Professional Edition on X64
- Microsoft Windows XP Service Pack 1 on x64 (64-bit)
- Microsoft Windows XP Service Pack 1 Embedded Edition (XPe) on x64
- Microsoft Windows XP Service Pack 1 Home Edition
- Microsoft Windows XP Service Pack 1 Home Edition on Itanium
- Microsoft Windows XP Service Pack 1 Home Edition on x64
- Microsoft Windows XP Service Pack 1 Home Edition on x86
- Microsoft Windows XP Service Pack 1 Media Center Edition on x64
- Microsoft Windows XP Service Pack 1 Professional Edition on x64
- Microsoft Windows XP Service Pack 1 Starter Edition on x64
- Microsoft Windows XP Service Pack 1 Tablet PC Edition on x64
- Microsoft Windows XP Service Pack 2 Embedded Edition (XPe) on x64
- Microsoft Windows XP Service Pack 2 Home Edition on Itanium
- Microsoft Windows XP Service Pack 2 Home Edition on x64
- Microsoft Windows XP Service Pack 2 Home Edition on x86
- Microsoft Windows XP Service Pack 2 Media Center Edition on x64
- Microsoft Windows XP Service Pack 2 Professional Edition on x64
- Microsoft Windows XP Service Pack 2 Starter Edition on x64
- Microsoft Windows XP Service Pack 2 Tablet PC Edition on x64
- Microsoft Windows XP Service Pack 3 Embedded Edition (XPe) on x64
- Microsoft Windows XP Service Pack 3 Home Edition on x64
- Microsoft Windows XP Service Pack 3 Home Edition on x86
- Microsoft Windows XP Service Pack 3 Media Center Edition on x64
- Microsoft Windows XP Service Pack 3 Professional Edition on x64
- Microsoft Windows XP Service Pack 3 Tablet PC Edition on x64
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-2132, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-2132 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References