Some comments on

From: Mnemonix (mnemonixat_private)
Date: Fri Jul 30 1999 - 14:20:00 PDT


    Microsoft have stated in their FAQ a number of things that I'd disagree with
    or feel could do with more clarification.
    
    Forgive the copyright infringements.
    
    >For example, compromising a workstation would only allow the attacker to
    >elevate his or her privileges on the workstation, and would not allow them
    >to gain privileges on the network at large.
    
    By definition "arbitrary code" is arbitrary - in other words the attacker can
    run what _they_ want. The exploit code posted earlier today will invisibly
    run a batch file. If that batch file contains a command "addme.exe \\PDC"
    and addme.exe happened to call the NetGroupAddUser() Win32 function and the
    trap was sprung by a domain admin then yes, they can "gain privileges on the
    network at large".
    
    >The attacker would need several things in order to exploit this
    >vulnerability:
    >Access to a machine that's also used by an administrator or another user
    >with more privileges than the attacker has
    
    This point will be negated shortly - see *
    
    >The ability to modify the other user's Dialer initialization file
    
    On Windows NT Server and Workstation the same dialer.ini file is used by
    everyone. Only Terminal Server gives everyone their own ini file.
    
    >Some means of getting the other user to run Dialer
    * "Good Morning, is that technical support? Ah good - I'm having problems
    with...."
    Why go to a machine where an admin logs on - get them to come to you.
    
    End rant ;-)
    Cheers,
    David Litchfield
    Arca Systems Inc, an Exodus Communications company
    http://www.arca.com
    http://www.infowar.co.uk/mnemonix
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:28 PDT