[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Windows 2000 Encrypting File System Security
From:       Microsoft Product Security Response Team <secure () MICROSOFT ! COM>
Date:       1999-07-29 15:25:27
[Download RAW message or body]

There has been a great deal of discussion regarding a paper that recently
was released, discussing purported vulnerabilities in the Encrypting File
System for Windows 2000.  However, after analyzing the attack scenarios,
we've found that they rely on the EFS Recovery Agent having made a critical
error -- the EFS Recovery Key must be left on the machine, contrary to the
recommendations in the documentation.  If the recommended security practices
are followed, the attack fails and EFS data remains secure.  We have posted
a more detailed discussion of the subject at
http://www.microsoft.com/security/bulletins/win2kefs.asp.

Regards,

Secure@microsoft.com

[prev in list] [next in list] [prev in thread] [next in thread]