Windows 2000 Exploit Code Released

By Ryan Naraine (Send Email)
Posted Jul 22, 2004


Exploit code for a known security flaw in Microsoft Windows 2000 has been posted online, putting millions of users at risk of a PC hijack.

Exploit code for a known security flaw in Windows 2000 has been posted online, putting millions of users at risk of a PC hijack. MS04-019 and MS04-022 security patches are available to fix the problem.

Less than a week after Microsoft released a fix for an "important" privilege elevation vulnerability in the Windows 2000 Utility Manager feature, hackers have reverse-engineered the patch and released the code that could lead to an exploit.

Microsoft confirmed that the vulnerability could allow a logged-on user to misuse the Utility Manager to start an application with system privileges and take control of the system.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges," the company warned.

A patch for the MS04-019 vulnerability is available now.

The availability of exploit code increases the risk of viruses and worms targeting the Windows 2000 OS family, which is installed on the majority of enterprise desktops in the United States.

It also highlights the patch management conundrum faced by the software giant as it struggles to cope with the speed with which hackers create and release malicious exploits. According to Microsoft statistics, an exploit for the Code Red and Nimda worms was released 331 days after a patch was made available. In the case of the Slammer worm, exploit code was available in 180 days, and the Blaster worm exploit was ready in just 25 days.

The SANS Internet Storm Center also detected another exploit targeting the MS04-022 flaw. The center did not provide any additional information.

The MS04-022 advisory patches a buffer overflow in the Windows Task Scheduler feature that could lead to system hijack. Affected products include Windows 2000 and Windows XP. The Windows NT Workstation and Windows NT Server operating systems are not affected by default.

As with the MS04-019 vulnerability, this flaw also allows attackers to hijack affected systems, install programs, view, change, or delete data with full privileges.

Late Monday, Microsoft released an update to MS04-022 patch to provide an additional workaround to prevent the possibility of an attack.

This article was originally published on internetnews.com.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.