Home › News › Industry News

Flaw in Windows WM_TIMER Message Handling

On December 12, 2002, 1:15 PM

Issue:
By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges.

Affected Software:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP

Patch availability:
Windows NT 4.0:
All except Japanese NEC & Chinese - Hong Kong
Japanese NEC
Chinese - Hong Kong

Windows NT 4.0, Terminal Server Edition:
All

Windows 2000:
All except Japanese NEC
Japanese NEC
Windows XP:
32-bit Edition
64-bit Edition

No tags on this story

Next Article: Flaw in SMB Signing Could Enable Group Policy to be Modified

TechSpot on:

Most Popular

Trending

Featured

Featured on PC Games

Downloads and Drivers

World of Warcraft Patch 5.3.0

Funny Photo Maker 2.4.1

More Downloads

Latest Discussion

Need advice on router-buy 10 replies on Storage and Networking

Zotac gtx 660 fan problem 6 replies on Audio and Video

Overclocking i7-3770k, question about speedfan 7 replies on Overclocking, Cooling and Modding

Upgrading my computer 8 replies on Processors and Motherboards

What game first got you hooked on gaming? 176 replies on Gaming

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.

TechSpot

Welcome to TechSpot

Home › News › Industry News

Flaw in Windows WM_TIMER Message Handling

Next Article: Flaw in SMB Signing Could Enable Group Policy to be Modified

Post a new comment

TechSpot on:

Most Popular

GeForce GTX 780 Review: The Titan Descendant

OCZ Vertex 450 Review: Vector-like Performance For Less

AMD A4-5000 Review: The affordable ultraportable APU

Apple's iOS 7 to be "black, white and flat all over"

Apple claims Samsung violates Siri patents with Google Now

AMD A4-5000 Review: Kabini, the mainstream APU

OCZ Vertex 450 SSD Review

Nvidia GeForce GTX 780 Review

Xbox One: Entertainment Hub First, Gaming Console Second -- But Could It Disrupt TV?

Metro: Last Light Performance, Benchmarked

Featured on PC Games

74 Resident Evil: Revelations

82 Metro: Last Light

71 Strike Suit Infinity

81 Far Cry 3: Blood Dragon

85 Monaco: Whats Yours is Mine

Downloads and Drivers

Latest Discussion

Subscribe to TechSpot

Featured Tech Content - Inside TechSpot

	Social Login & Guest Posting Post as anonymous user			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.