http://news.com.com/2100-1001-920940.html?tag=fd_top By Robert Lemos Staff Writer, CNET News.com May 22, 2002, 5:25 PM PT Microsoft warned Windows NT and 2000 users on Wednesday of a new flaw in its debugger tools that could let attackers give themselves complete control of a system once they've gained basic access to that system. The vulnerability involves a flaw in the debugger's authorization feature. The flaw lets any user run any program on the system, with the highest privileges. The hole could be used in conjunction with other Windows vulnerabilities that allow a remote attacker to run as a local user, said Marc Maiffret, chief hacking officer with network-protection company eEye Digital Security. "By itself, I would say it's not that dangerous, but coupled with other vulnerabilities, it's nasty," Maiffret said. "It makes threats like Nimda possible." The Nimda worm used a similar double whammy to gain base-level access to a system and then elevate its privileges to take control of the infected computer. Microsoft gave the vulnerability a "critical" rating for client systems but would not estimate what portion of Windows NT 4.0 and Windows 2000 computers might be vulnerable to the new flaw. "Being able to log on to the computer in the first place, and being able to run code (once logged on), are the two limiting factors for this flaw," said Christopher Budd, security program manager for Microsoft's security response center. For example, a guest account could be co-opted by an attacker and used to exploit the flaw to run code only if the system's administrator allowed guests access to the console and let them introduce code to the machine, Budd said. Microsoft has posted an advisory and a patch for the problem. - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 05:52:02 PDT