-----Original Message-----
From: Microsoft
[mailto:[log in to unmask]
osoft.com]
Sent: Thursday, August 15, 2002 5:27 PM
Subject: Microsoft Security Bulletin MS02-042: Flaw in Network
Connection Manager Could Enable Privilege Elevation (Q326886)
-----BEGIN PGP SIGNED MESSAGE-----
- -
- ----------------------------------------------------------------------
Title: Flaw in Network Connection Manager Could Enable Privilege
Elevation (Q326886)
Date: 14 August 2002
Software: Microsoft Windows 2000
Impact: Privilege elevation
Max Risk: Critical
Bulletin: MS02-042
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-042.asp .
- -
- ----------------------------------------------------------------------
Issue:
======
The Network Connection Manager (NCM) provides a controlling
mechanism for all network connections managed by a host system.
Among the functions of the NCM is to call a handler routine
whenever a network connection has been established.
By design, this handler routine should run in the security context
of the user. However, a flaw could make it possible for an
unprivileged user to cause the handler routine to run in the
security context of LocalSystem, though a very complex process.
An attacker who exploited this flaw could specify code of his or
her choice as the handler, then establish a network connection
in order to cause that code to be invoked by the NCM. The code
would then run with full system privileges.
Mitigating Factors:
====================
The vulnerability could only be exploited by an attacker who had
the appropriate credentials to log onto an affected system
interactively. Best practices suggests that unprivileged users
not be allowed to interactively log onto business-critical servers.
If this recommendation has been followed, machines such as domain
controllers, ERP servers, print and file servers, database
servers, and others would not be at risk from this vulnerability.
Risk Rating:
============
- Internet systems: Low
- Intranet systems: Critical
- Client systems: Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletin at
http://www.microsoft.com/technet/security/bulletin/ms02-042.asp
for information on obtaining this patch.
- -
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPVv1X40ZSRQxA/UrAQFxYQf/ftIxVTaOdjgCe8D7CEajwWHKJ2PNS1M3
l0aWVk2hyXUvnHqSLir3dIgVBjztIx7wUnBiEzg/FTc7WPb6mdU3GNAPYWQu58kW
H3zq+V3M9RPrPe97sgHfxfF1ubH0gzatPuGyGKIAkoq5iY2o5LPIMVMtO7Baw+gF
vsEnatY5oY1s2QVBYCdBYjRd2puqMQywh/h0iWNFq5kBTp4pbpfnMSbBQoQGTPGX
rUviam/WnBhIBL7JEQqv2oCBvO+zzv5ix32IyH4F1kx9DNlxYmhdURWleL+GAotv
/G/mV+koIJIIUGjjJWMOUO7TKkmZpNYte2iaA3wRTdbuAQ1fMdeGdw==
=88Bk
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit http://www.microsoft.com/technet/security/notify.
asp.
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|