Issue:
On Windows 2000, the default permissions provide the Everyone group with Full access (Everyone:F) on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions - for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run - it can be.

This situation gives rise to a scenario that could enable an attacker to mount a Trojan horse attack against other users of the same system, by creating a program in the system root with the same name as some commonly used program, then waiting for another user to log onto the system and invoke the program. The Trojan horse program would execute with the user's own privileges, thereby enabling it to take any action that the user could take.
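The condition the bulletin describes is auditable: the finding is an Allow entry on the system root that lets Everyone create files there, combined with that folder being reachable through the search path. The following PowerShell audit is an added example, not code from the bulletin or from Microsoft, and it assumes a modern PowerShell (3.0 or later) on the host being checked, that $env:SystemDrive names the system root, and that the PATH variable reflects the search path used when a program is launched by name. It goes slightly beyond the text: it also lists PATH folders writable by broad groups, and it treats Authenticated Users and Users as broad in addition to Everyone.

```powershell
# Added audit example, not part of the MS02-064 bulletin text.
# Assumptions: PowerShell 3.0+ on the Windows host being audited; $env:SystemDrive
# is the system root (e.g. C:\); $env:Path is the search path used when programs
# are invoked by name.

# Groups broad enough that a grant to them effectively means "any logged-on user".
# S-1-1-0 is Everyone (the group named in the bulletin); Authenticated Users and
# Users are included as a generalisation for hosts where the root ACL was edited
# but still left wide open.
$BroadGroupSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

function Get-AceSid {
    # Resolve an ACE's identity to a SID string; unresolvable accounts return $null.
    param($Ace)
    try {
        return $Ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $null
    }
}

function Test-BroadGroupCanCreateFiles {
    # True when a broad group holds an Allow ACE that lets it create files in $Path.
    # Full control (the Windows 2000 default on the root) includes the CreateFiles right,
    # so Everyone:F is reported, as is any narrower grant that still allows file creation.
    param([Parameter(Mandatory)][string]$Path)
    $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if ((Get-AceSid $ace) -notin $BroadGroupSids) { continue }
        if (($ace.FileSystemRights -band $createFiles) -eq $createFiles) { return $true }
    }
    return $false
}

function Get-WritableSearchPathFolders {
    # Report the system root and every existing PATH folder where a broad group can
    # create files; each such folder is a place a look-alike program could be planted.
    $candidates = @("$env:SystemDrive\") + ($env:Path -split ';' | Where-Object { $_ -ne '' })
    foreach ($dir in ($candidates | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        [PSCustomObject]@{
            Folder             = $dir
            IsSystemRoot       = ($dir -eq "$env:SystemDrive\")
            BroadGroupCanWrite = Test-BroadGroupCanCreateFiles -Path $dir
        }
    }
}

# Print only the folders that need attention; an empty table means the condition
# described in the bulletin is not present on this host.
Get-WritableSearchPathFolders | Where-Object BroadGroupCanWrite | Format-Table -AutoSize
```

A row with IsSystemRoot set and BroadGroupCanWrite true is exactly the Windows 2000 default the bulletin describes; the remediation is the administrative permission change covered in the bulletin's FAQ, after which re-running the audit should return no rows for the root.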

Affected Software:
Microsoft Windows 2000

Patch availability:
This vulnerability requires an administrative procedure rather than a patch. The needed changes are discussed in the [URL=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-064.asp]FAQ[/URL].