[ISN] Microsoft patches Windows 2000 flaw, SQL holes

From: InfoSec News (isnat_private)
Date: Mon Aug 19 2002 - 05:40:10 PDT

  • Next message: InfoSec News: "[ISN] NIPC seeks cyberalert support"

    By Sam Costello
    IDG News Service, 08/16/02 
    Microsoft Thursday released a patch for a vulnerability it called 
    "critical" that could allow an attacker to take complete control of 
    Windows 2000 systems. The company also released a cumulative patch for 
    SQL Sever 7.0 and 2000 that repaired a new security hole.
    The first vulnerability exists in the Network Connection Manager (NCM) 
    component of Windows 2000, which is used to process and handle network 
    connections made by users. The NCM is supposed to run in the user's 
    security context, which usually limits what actions a user can take on 
    the system. Due to the flaw, however, it can run in the LocalSystem 
    context, giving the NCM greater privileges, Microsoft said in its 
    security alert.
    When the NCM is used, one of its functions is to call on a handler 
    routine run by the NCM, Microsoft said. The flaw could allow attackers 
    who do not have proper access privileges to create their own handler 
    routine and cause the NCM to run it by creating a network connection, 
    the company said.
    This attack could cause the attacker-supplied code to run with full 
    system privileges, giving the attacker control of the machine, 
    Microsoft said.
    The vulnerability is mitigated, however, because a user usually needs 
    to have privileges to log on to the target system in order to be able 
    to exploit the flaw, the company said.
    More information about the vulnerability, and the patch to fix it, are 
    available here [1].
    Microsoft Thursday also released a cumulative patch for SQL Server 7.0 
    and 2000 that included a fix for a previously undisclosed 
    The vulnerability exists in the Microsoft-supplied stored procedures 
    that ship with the software and are used for various helper functions, 
    the company said. A flaw in the permissions associated with the 
    procedures could allow users without the proper access rights to 
    execute the procedures with administrator privileges, the company 
    Though Microsoft only rates the flaw as "moderate," an attacker could 
    exploit the flaw in order to make database calls they are not 
    permitted to make, the company said.
    The full cumulative patch, as well as information on the new 
    vulnerability, can be found here [2].
    [1] http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-042.asp
    [2] http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-043.asp
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 08:20:33 PDT