Windows 2000 Encrypting File System Security

From: Microsoft Product Security Response Team (secureat_private)
Date: Thu Jul 29 1999 - 08:25:27 PDT

    There has been a great deal of discussion regarding a paper that recently
    was released, discussing purported vulnerabilities in the Encrypting File
    System for Windows 2000.  However, after analyzing the attack scenarios,
    we've found that they rely on the EFS Recovery Agent having made a critical
    error -- the EFS Recovery Key must be left on the machine, contrary to the
    recommendations in the documentation.  If the recommended security practices
    are followed, the attack fails and EFS data remains secure.  We have posted
    a more detailed discussion of the subject at
    http://www.microsoft.com/security/bulletins/win2kefs.asp.
    
    Regards,
    
    Secureat_private
    


