Privilege Elevation Vulnerability in Microsoft Windows 2000 Network Connection Manager

Reported August 15, 2002, by Microsoft.

VERSION AFFECTED

 

  • Windows 2000

DESCRIPTION

 

A vulnerability exists in Windows 2000’s Network Connection Manager (NCM) that can result in an attack compromising the affected system. This vulnerability stems from a flaw in an NCM handler routine that grants an unprivileged user LocalSystem rights.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-042 (Flaw in Network Connection Manager Could Enable Privilege Elevation) to address this vulnerability and recommends that affected users download and apply the patch mentioned in the security bulletin.

 

CREDIT
Discovered by Microsoft.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish