Reported August 2, 2000 by Guardent
The Windows 2000 Service Control Manager (SCM) creates a named pipe for each service as it starts. It is possible for an attacker to create the named pipe for a service before the SCM can do so, at which point elevated privileges could be achieved based on any valid user account including LocalSystem.
VENDOR RESPONSE
Microsoft released a FAQ, a patch, and a Support Online article Q269523 regarding this matter.
CREDIT
Discovered by Guardent
0 comments
Hide comments