Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
|
|
SecurityTracker Alert ID: 1002356 |
|
SecurityTracker URL: http://securitytracker.com/id/1002356
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 8 2001
|
Impact:
User access via local system
|
Exploit Included: Yes
|
|
Description:
A vulnerability was reported in Microsoft Outlook 2000 in the Animated Assistant feature. The feature prevents the activation of the screen saver, allowing physically local users to access the system when the system is unattended for a period of time.
It is reported that there is a problem in the Windows operating system inactivity mechanism when Outlook 2000's Animated Assistant is enabled.
|
Impact:
A physically local user can gain access to the system when it is unattended.
|
Solution:
No vendor solution was available at the time of this entry.
As a workaround, the report recommends locking the workstation manually via: CTRL-ALT-DEL and clicking on 'Lock.'
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause:
State error
|
Underlying OS: Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: [NT] Outlook2000 Animated Assistant & Password Protected Screen Saver Vulnerability
|
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Outlook2000 Animated Assistant & Password Protected Screen Saver
Vulnerability
------------------------------------------------------------------------
SUMMARY
Outlook 2000 includes a feature called Animated Assistant. This feature
prevents the activation of the screen saver whenever animated assistant is
active. This exposes a security vulnerability, since the security policy
of locking the workstation doesn't affect those workstations that have the
animated assistant feature enabled.
DETAILS
A problem in the way that the inactivity mechanism used in the Windows
operating system incorrectly detects the user inactivity period whenever
Outlook 2000's Animated Assistant is enabled. This causes it not to
activate the screen saver, resulting in the desktop not getting
automatically locked.
Workaround:
Lock the workstation manually via: CTRL-ALT-DEL and click on Lock.
ADDITIONAL INFORMATION
The information has been provided by <mailto:AUpadhyay@OHIOSAVINGS.COM>
Upadhyay, Anand.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business
profits or special damages.
|
|
