Microsoft Patch Fixes Windows Debugger Flaw

 
 
By Dennis Fisher  |  Posted 2002-05-23 Print this article Print
 
 
 
 
 
 
 

Microsoft has released a patch for a new critical flaw in the debugger service in Windows NT and 2000 that enables an attacker to gain complete access to a vulnerable machine.

Microsoft Corp. on Wednesday released a patch for a new critical flaw in the debugger service in Windows NT and 2000 that enables an attacker to gain complete access to a vulnerable machine. The Redmond, Wash., company says there is a flaw in the authentication mechanism in the debugging program that allows unauthorized programs to gain access to the debugger. The attacker could then use the debugger to cause a running program to start another program of his choosing. The debugger is used to diagnose and analyze problems with programs as they are running, and as such, has the capability of taking control of other applications. The debugger can also issue commands to other applications, including the order to start other programs.
In its bulletin, Microsoft warns that because many programs run as the operating system, an attacker could execute code with the privileges of the OS.
Windows NT 4.0, 4.0 Terminal Server Edition and 2000 are all vulnerable, Microsoft said. The company has posted separate patches for each version here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-024.asp. Related stories:
  • Microsoft Sews Patch for IE
  • Microsoft, AOL IM Flaws Uncovered
  •  
     
     
     
     
     
     
     
     
     
     

    Submit a Comment

    Loading Comments...
     
    Manage your Newsletters: Login   Register My Newsletters























     
     
     
     
     
     
     
     
     
     
     
    Rocket Fuel