Microsoft Corp. on Thursday issued a patch for a critical flaw in Windows 2000 that could allow an attacker to run code with system-level privileges on vulnerable machines.
The vulnerability lies in the Network Connection Manager (NCM), a component of Windows 2000 that controls all the network connections managed by a given host. One of NCMs main functions is to call a handler routine whenever a client establishes a new network connection.
This handler is designed to run in the security context of the user. But, the vulnerability enables an attacker to cause it to run in the context of LocalSystem. The attacker could then specify malicious code as the handler and establish a network connection to cause that code to be called.
The code would then run with system level privileges, Microsoft said in its advisory. In order to exploit the vulnerability, the attacker must first be able to log on interactively to the affected system.
The patch for the flaw is available here.
Microsoft, of Redmond, Wash., also issued another advisory Thursday, this one for a new vulnerability in SQL Server 7 and 2000. The flaw is in a set of extended stored procedures that ship with SQL and that are used by some helper functions.
Some of the procedures that can reconnect to the SQL service account have weak permissions associated with them, enabling an unprivileged user to execute them and force them to run with administrator-level privileges.
In order to exploit the flaw, an attacker could either load and execute a database query that calls one of the procedures, or configure a Web site or other front end to access and process arbitrary queries and then provide inputs that would cause the query to call one of the functions in question with the appropriate malformed parameters.
Microsoft has included the fix for this flaw in a cumulative patch for SQL 7 and 2000, available here.
- IE Flaw Leaves Users Open to Data Theft
- PGP Attack Leaves Mail Vulnerable
- More Security Coverage