CVE-1999-1358
First published: Fri Dec 31 1999(Updated: )
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows NT | ||
| Microsoft Windows 2000 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1358?
CVE-1999-1358 is considered a medium severity vulnerability as it allows local users to bypass policy restrictions.
How do I fix CVE-1999-1358?
To fix CVE-1999-1358, ensure the local ntconfig.pol file is set to be writable only by authorized administrators.
What versions of Windows are affected by CVE-1999-1358?
CVE-1999-1358 affects Microsoft Windows NT and Windows 2000.
Can local users exploit CVE-1999-1358 to gain administrative privileges?
Local users may exploit CVE-1999-1358 to bypass restrictions but this does not provide administrative privileges.
Is CVE-1999-1358 a configuration issue or software flaw?
CVE-1999-1358 is primarily a configuration issue related to the permissions of the ntconfig.pol file.
- collector/nvd-historical
- vendor/microsoft
- vendor/windows nt
- vendor/windows 2000
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- canonical/microsoft windows nt
- canonical/microsoft windows 2000