[Original text] Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
Microsoft Windows NT LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Remote / Network Access
Loss of Confidentiality
Windows contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the LsaQueryInformationPolicy function is called on a domain workstation, which discloses the domain SID, resulting in a loss of confidentiality.
Upgrade to Microsoft Windows 2000 or higher, as it has been reported to fix this vulnerability. In addition, set the 'RestrictAnonymous' registry value to 2. Phil Brass has released an unofficial patch for Microsoft Windows NT.