Information Security News mailing list archives
Microsoft warns of Windows 2000 security hole
From: InfoSec News <isn () C4I ORG>
Date: Wed, 28 Feb 2001 20:26:07 -0600
http://www.zdnet.co.uk/news/2001/8/ns-21265.html Will Knight Wed, 28 Feb 2001 Flaw allows a user to gain new privileges on a computer network Security experts have discovered a fault in Microsoft's flagship operating system Windows 2000 that could allow a malicious user to hijack a system and perform any operation they wish. The flaw with the Windows 2000 Event Viewer -- which logs details of activity on a Windows 2000 system -- could allow an ordinary user to carry out privileged system commands, Microsoft has confirmed. Exploiting the vulnerability, a malicious user could write a specially formatted event to the Event Viewer, which would execute unauthorised code when the log is next viewed. If the next user to view the log is an administrator, super-user commands can be carried out. The one mitigating aspect of the vulnerability is that the malicious user must already have access to a target computer system. "It is not as significant as a wide-ranging vulnerability that could be exploited remotely," said Ian Peacock, security consultant with Swedish computer security firm Defcom. "But companies definitely need to patch this." Microsoft has issued an alert and a patch for the problem available at: http://www.microsoft.com/technet/security/bulletin/MS01-013.asp. Microsoft said that the affected systems are Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server. This is just the latest security flaw to affect Microsoft. A major vulnerability was recently discovered with the software giant's leading email client Outlook. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Microsoft warns of Windows 2000 security hole InfoSec News (Feb 28)