I'm seeing some accounts giving account lockout events related to the MBSA scans. According to the link on the report, the password check "attempts a password change request", and then goes on to say "account lockout policy counts will be reset on the scanned computer."
First - how does the change password attempt take place without actually changing the password? If it does change the password for an account, how does it change it back to pre-attempt value?
Second - How do the lockout counts get reset? That suggests there is a mechanism available to reset the lockout count - an attack vector if I've ever seen one.
Thanks for any input.