Reported July 13, 2004, by Microsoft

VERSIONS AFFECTED

  • Windows 2000
  • Windows NT 4.0

DESCRIPTION
A privilege-elevation vulnerability exists in the POSIX OS subsystem. Although this vulnerability is not exploitable remotely, a potential attacker who successfully exploited the vulnerability could take complete control of an affected system.

VENDOR RESPONSE
Microsoft has released bulletin MS04-020, "Vulnerability in POSIX Could Allow Code Execution (841872)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Rafal Wojtczuk.