search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows Utility Manager launches applications with system privileges

Vulnerability Note VU#868580

Original Release Date: 2004-07-14 | Last Revised: 2004-07-14

Overview

The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges.

Description

The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contains a privilege escalation vulnerability that permits authenticated local users to launch applications with SYSTEM privileges.

Microsoft reports that the vulnerability disclosed in MS04-019 is different than the one reported in MS04-011, which is described in VU#526084.

Impact

This vulnerability allows authenticated local users to launch applications with SYSTEM privileges.

Solution

Apply a patch from Microsoft

Microsoft has provided a Security Update to address this vulnerability; for further details, please see Microsoft Security Bulletin MS04-019.

Disable the Utility Manager


Administrators can use the Group Policy settings to disable the Utility Manager. Although this action does not fully address the vulnerability, it may be a useful interim measure to prevent exploitation.

Vendor Information

868580
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://www.microsoft.com/technet/security/bulletin/ms04-019.mspx

Acknowledgements

This vulnerability was reported to Microsoft by Cesar Cerrudo of Application Security Inc.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: CVE-2004-0213
Severity Metric: 21.26
Date Public: 2004-07-13
Date First Published: 2004-07-14
Date Last Updated: 2004-07-14 14:37 UTC
Document Revision: 11

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis