Windows 2000 Default Permissions Could Allow Trojan Horse Program Issue: On Windows 2000, the default permissions provide the Everyone group with Full access (Everyone:F) on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions - for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run - it can be. This situation gives rise to a scenario that could enable an attacker to mount a Trojan horse attack against other users of the same system, by creating a program in the system root with the same name as some commonly used program, then waiting for another user to subsequently log onto the system & invoke the program. The Trojan horse program would execute with the user's own privileges, thereby enabling it to take any action that the user could take. Affected Software: Microsoft Windows 2000 Patch availability: This vulnerability requires an administrative procedure rather than a patch. The needed changes are discussed in the FAQ.