also @ TechSpot: Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Flaw in Windows WM_TIMER Message Handling

Discussion in 'General Discussion' started by TS | Thomas, Dec 12, 2002.

Thread Status:
Not open for further replies.

  1. TS | Thomas Newcomer, in training

    Issue:
    By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges.

    Affected Software:
    Microsoft Windows NT 4.0
    Microsoft Windows NT 4.0, Terminal Server Edition
    Microsoft Windows 2000
    Microsoft Windows XP

    Patch availability:
    Windows NT 4.0:
    All except Japanese NEC & Chinese - Hong Kong
    Japanese NEC
    Chinese - Hong Kong

    Windows NT 4.0, Terminal Server Edition:
    All

    Windows 2000:
    All except Japanese NEC
    Japanese NEC
    Windows XP:
    32-bit Edition
    64-bit Edition
    TS | Thomas, Dec 12, 2002
    #1
Thread Status:
Not open for further replies.