Windows 2000 Exploit Code Released

Windows 2000 Exploit Code Released


July 22, 2004

Exploit code for a known security flaw in Microsoft Windows 2000 has been posted online, putting millions of users at risk of a PC hijack.

Less than a week after Microsoft released a fix for an "important" privilege elevation vulnerability in the Windows 2000 Utility Manager feature, hackers have reverse-engineered the patch and released the code that could lead to an exploit.

Microsoft confirmed that the vulnerability could allow a logged-on user to misuse the Utility Manager to start an application with system privileges and take control of the system.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges," the company warned.

A patch for the MS04-019 vulnerability is available now.

The availability of exploit code increases the risk of viruses and worms targeting the Windows 2000 OS family, which is installed on the majority of enterprise desktops in the United States.

It also highlights the patch management conundrum faced by the software giant as it struggles to cope with the speed with which hackers create and release malicious exploits. According to Microsoft statistics, an exploit for the Code Red and Nimda worms was released 331 days after a patch was made available. In the case of the Slammer worm, exploit code was available in 180 days, and the Blaster worm exploit was ready in just 25 days.

The SANS Internet Storm Center also detected another exploit targeting the MS04-022 flaw. The center did not provide any additional information.

The MS04-022 advisory patches a buffer overflow in the Windows Task Scheduler feature that could lead to system hijack. Affected products include Windows 2000 and Windows XP. The Windows NT Workstation and Windows NT Server operating systems are not affected by default.

As with the MS04-019 vulnerability, this flaw also allows attackers to hijack affected systems, install programs, view, change, or delete data with full privileges.

Late Monday, Microsoft released an update to MS04-022 patch to provide an additional workaround to prevent the possibility of an attack.

This article was originally published on internetnews.com.