SMS May Allow Elevated Privileges Reported February 23, 2000 by Microsoft According to Microsoft"s report, "If the SMS 2.0 Remote Control feature has been installed and enabled on a machine, the folder in which the remote agent resides has its permissions set to Everyone Full Control by default. If a malicious user replaced the client code with code of his or her choosing, it would run automatically in a system context the next time he or she rebooted the machine and logged on. The vulnerability exists only if the Remote Control feature has been enabled - no other SMS features are affected by it." VENDOR RESPONSE
Microsoft has issued a patch for Intel and Alpha, as well as a FAQ regarding this matter. CREDITS |
0 comments
Hide comments