A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system.
A vulnerability exists in the Service Control Manager (SCM) function. This function creates named pipes for system services. More information on this problem is available from Microsoft at:
An attacker can execute code with the privileges of any other user on the machine, including the administrator or the system itself.
Apply the patch described in http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432
Our thanks to Microsoft for the information contained in their bulletin.
This document was written by Ian A. Finlay.
|Date First Published:||2001-05-09|
|Date Last Updated:||2001-05-10 13:44 UTC|