Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
|
|||||||
Download Now:
Flaw in Windows WM_TIMER Message Handling
|
|
Thread Tools | Search this Thread |
|
#1
12-12-2002
|
||||
|
||||
|
Flaw in Windows WM_TIMER Message Handling
Issue:
By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges. Affected Software: Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Patch availability: Windows NT 4.0: All except Japanese NEC & Chinese - Hong Kong Japanese NEC Chinese - Hong Kong Windows NT 4.0, Terminal Server Edition: All Windows 2000: All except Japanese NEC Japanese NEC Windows XP: 32-bit Edition 64-bit Edition |
|
 |
| Similar Topics | ||||
| Topic | Replies | Forum | ||
 End program-MCI command handling windows?
|
0 | Windows OS | ||
|
Windows flaw exploit
|
3 | General Discussion | ||
|
Buffer Overrun in Windows Kernel Message Handling
|
1 | General Discussion | ||
|
Flaw in Windows Script May Allow Code to Run
|
6 | General Discussion | ||
|
WM_TIMER Messages Not Delivered to Programs
|
0 | General Discussion | ||
| Thread Tools | Search this Thread |
|
|
All times are GMT -4. The time now is 09:30 AM.