Privilege Escalation Vulnerability in Microsoft Utility Manager for Windows

Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows 2000

DESCRIPTION
A privilege-elevation vulnerability exists in the way in which Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges, then take complete control of the system. A potential attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

VENDOR RESPONSE
Microsoft has released bulletin MS04-019, "Vulnerability in Utility Manager Could Allow Code Execution (842526)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Cesar Cerrudo of Application Security, Inc.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish