Reported August 15, 2002, by Microsoft.

VERSION AFFECTED

 

  • Windows 2000

DESCRIPTION

 

A vulnerability exists in Windows 2000’s Network Connection Manager (NCM) that can result in an attack compromising the affected system. This vulnerability stems from a flaw in an NCM handler routine that grants an unprivileged user LocalSystem rights.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-042 (Flaw in Network Connection Manager Could Enable Privilege Elevation) to address this vulnerability and recommends that affected users download and apply the patch mentioned in the security bulletin.

 

CREDIT
Discovered by Microsoft.