Microsoft Corp. has released an updated patch for a security vulnerability discovered in Windows NT 4.0 in December. The new update fixes a flaw in the original patch that installed the wrong binaries on multi-processor machines, causing them to crash in some situations.
The original vulnerability that the patch was meant to fix affected Windows 2000 and XP as well. But the problem that prompted the release of the new patch only occurs in machines running Windows NT 4.0 Terminal Services Edition.
When applied to NT machines, the original patch should have worked on both single-processor and multi-processor servers. However, the patch's installer copied the wrong binaries onto multi-processor machines.
The vulnerability that this patch fixes is a flaw in the way that the interactive desktop in Windows handles messages sent between some specific processes. The vulnerability results because it's possible for one process to use a message sent at the expiration of a timer to cause another process to execute a callback. That callback would be executed at the address of the first process's choice.
If the second process had a higher privilege level than did the first process, this would enable the first process to exercise those elevated privileges. Several processes on the interactive desktop run by default with LocalSystem privileges.
A local attacker who could log onto the system and perform this attack against a process with such high privileges could gain complete control of the local machine.
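The trust problem described above can be shown with a small portable C model. This is an added illustration, not Windows code and not Microsoft's fix: every name in it (`timer_msg`, `register_timer`, `dispatch_unchecked`, `dispatch_checked`) is hypothetical, and the sample callbacks are constructed. It contrasts a receiver that calls whatever address a timer-expiry message carries with one that only calls callbacks it registered itself.

```c
#include <stddef.h>
#include <stdint.h>

typedef int (*timer_cb)(void);

/* A timer-expiry message as the receiving process sees it (hypothetical layout). */
struct timer_msg {
    uint32_t timer_id;  /* which timer expired */
    timer_cb callback;  /* address to call; supplied by whoever sent the message */
};

#define MAX_TIMERS 8
static struct { uint32_t id; timer_cb cb; } registered[MAX_TIMERS];
static size_t n_registered;

/* The privileged process records every timer it creates for itself. */
int register_timer(uint32_t id, timer_cb cb) {
    if (n_registered == MAX_TIMERS || cb == NULL) return -1;
    registered[n_registered].id = id;
    registered[n_registered].cb = cb;
    n_registered++;
    return 0;
}

/* Flawed dispatch: trusts the address carried in the message. */
int dispatch_unchecked(const struct timer_msg *m) {
    return m->callback ? m->callback() : 0;
}

/* Hardened dispatch: run a callback only if this process registered
 * exactly that callback for exactly that timer id. */
int dispatch_checked(const struct timer_msg *m) {
    for (size_t i = 0; i < n_registered; i++)
        if (registered[i].id == m->timer_id && registered[i].cb == m->callback)
            return m->callback();
    return -1;  /* dropped: address was not registered by this process */
}

/* Constructed sample callbacks. */
int own_tick(void)     { return 1; }   /* the service's legitimate handler */
int foreign_code(void) { return 99; }  /* stands in for an address chosen by another process */

int main(void) {
    struct timer_msg forged = { 7, foreign_code };
    register_timer(7, own_tick);
    return dispatch_checked(&forged) == -1 ? 0 : 1;
}
```

In the model, the unchecked dispatcher runs `foreign_code` with the receiver's privileges, while the checked dispatcher drops the message and still services the receiver's own timer.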
The revised bulletin and patch for this flaw are available here.
Search for more stories by Dennis Fisher.