Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3372
HistoryAug 16, 2002 - 12:00 a.m.

Security Bulletin MS02-042: Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)

2002-08-1600:00:00
vulners.com
26
JSON

Title: Flaw in Network Connection Manager Could Enable Privilege
Elevation (Q326886)
Date: 14 August 2002
Software: Microsoft Windows 2000
Impact: Privilege elevation
Max Risk: Critical
Bulletin: MS02-042

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-042.asp .

Issue:

The Network Connection Manager (NCM) provides a controlling
mechanism for all network connections managed by a host system.
Among the functions of the NCM is to call a handler routine
whenever a network connection has been established.

By design, this handler routine should run in the security context
of the user. However, a flaw could make it possible for an
unprivileged user to cause the handler routine to run in the
security context of LocalSystem, though a very complex process.
An attacker who exploited this flaw could specify code of his or
her choice as the handler, then establish a network connection
in order to cause that code to be invoked by the NCM. The code
would then run with full system privileges.

Mitigating Factors:

The vulnerability could only be exploited by an attacker who had
the appropriate credentials to log onto an affected system
interactively. Best practices suggests that unprivileged users
not be allowed to interactively log onto business-critical servers.
If this recommendation has been followed, machines such as domain
controllers, ERP servers, print and file servers, database
servers, and others would not be at risk from this vulnerability.

Risk Rating:

  • Internet systems: Low
  • Intranet systems: Critical
  • Client systems: Critical

Patch Availability:

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

JSON