| VID |
26052 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q326886) for the "Privilege Elevation Vulnerability in Network Connection Manager" has not been applied.
The NCM(Network Connection Manager) is a operating system component in Windows 2000 that provides a means of controlling a system's network connections, which calls a handler routine whenever a network connection has been established. By design, this handler routine should run in the security context of the user, however, this handler routine can run in the security context of LocalSystem by an unprivileged user, though a very complex process. Due to this vulnerability, an attacker can gain complete control over the machine, thereby gaining the ability to take any desired action on the machine, such as adding, deleting, or modifying data on the system, creating or deleting user accounts, and adding accounts to the local administrators group.
This vulnerability can only be exploited by an attacker who had credentials to log onto the computer interactively.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS02-042.asp
* Platforms Affected:
Microsoft Windows 2000 Any Version SP1-SP3 |
| Recommendation |
Apply the patch for this vulnerability, as listed in Microsoft's security bulletin MS02-042 at
http://www.microsoft.com/technet/security/bulletin/MS02-042.asp
1. Open the page : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=C38FE1AB-4BF8-41C3-AB8E-9730E5CDF3EE
2. Select a different language from the drop-down list and click <Go> button.
3. Click <Download> button to download this patch file.
4. Run this file to install the patch.
5. Restart your system to complete the installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2002-0720 (CVE) |
| Related URL |
5480 (SecurityFocus) |
| Related URL |
9856 (ISS) |
|
