Reported August 15, 2002, by Microsoft.
A vulnerability exists in Windows 2000’s Network Connection Manager (NCM) that can result in an attack compromising the affected system. This vulnerability stems from a flaw in an NCM handler routine that grants an unprivileged user LocalSystem rights.
The vendor, Microsoft, has released Security Bulletin MS02-042 (Flaw in Network Connection Manager Could Enable Privilege Elevation) to address this vulnerability and recommends that affected users download and apply the patch mentioned in the security bulletin.
Discovered by Microsoft.