Reported
August 15, 2002, by Microsoft.
VERSION
AFFECTED
Windows
2000
DESCRIPTION
A
vulnerability exists in Windows 2000’s Network Connection Manager (NCM) that
can result in an attack compromising the affected system. This vulnerability
stems from a flaw in an NCM handler routine that grants an unprivileged user
LocalSystem rights.
VENDOR
RESPONSE
The
vendor, Microsoft, has released Security
Bulletin MS02-042
(Flaw in Network Connection Manager Could Enable Privilege Elevation) to address
this vulnerability and recommends that affected users download and apply the patch
mentioned in the security bulletin.
CREDIT
Discovered
by Microsoft.
Privilege Elevation Vulnerability in Microsoft Windows 2000 Network Connection Manager
0 comments
Hide comments