Vulnerabilities > Microsoft > Windows 2000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-06-25 | CVE-2002-0367 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | 7.8 |
| 2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |
| 2001-12-31 | CVE-2001-1515 | Improper Preservation of Permissions vulnerability in Microsoft Windows 2000 Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | 7.5 |
| 2001-08-31 | CVE-2001-1452 | Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | 7.5 |
| 2001-07-16 | CVE-2001-1238 | Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000 Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | 7.8 |
| 2000-04-14 | CVE-2000-1218 | Origin Validation Error vulnerability in Microsoft products The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | 9.8 |