Reported May 22, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Microsoft Windows 2000

·         Microsoft Windows NT 4.0

·         Microsoft Windows NT 4.0 Server, Terminal Server Edition

 

DESCRIPTION

A vulnerability exists in the authentication mechanism of the Win2K and NT 4.0 debugging facility that can let an unauthorized program gain access to the debugger. An attacker can use this vulnerability to cause a running program to execute a program of the attacker’s choice under the system security context.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-024 to address these vulnerabilities and recommends that affected users apply the appropriate patch listed in the bulletin.

 

CREDIT
Discovered by Microsoft.