Named Pipe Impersonation

 

Reported August 2, 2000 by
Guardent

VERSIONS EFFECTED
Windows 2000 Professional, Server, Advanced Server

DESCRIPTION

The Windows 2000 Service Control Manager (SCM) creates a named pipe for each service as it starts. It is possible for an attacker to create the named pipe for a service before the SCM can do so, at which point elevated privileges could be achieved based on any valid user account including LocalSystem.

VENDOR RESPONSE

Microsoft released a FAQ, a patch, and a Support Online article Q269523 regarding this matter.  

CREDIT
Discovered by Guardent

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish