Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: ciack019.htm

Microsoft "Spoofed LPC Port Request" Vulnerability



Microsoft - "Spoofed LPC Port Request" Vulnerability Privacy and Legal Notice

CIAC INFORMATION BULLETIN

K-019: Microsoft - "Spoofed LPC Port Request" Vulnerability

January 25, 2000 22:00 GMT
PROBLEM:       A function which supports LPC (Local Procedure Calls) is
               flawed. A malicious user through a series of steps could fool
               the validation checking in the function into believing the user
               has higher privileges.
PLATFORM:      Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0
               Server, Microsoft NT 4.0 Server (Enterprise Edition), Microsoft
               Windows NT 4.0 Server (Terminal Server Edition)
DAMAGE:        A malicious user could logon to a Windows NT 4.0 machine and
               run a program posing as another user or the Administrator of
               the machine.
SOLUTION:      Install the hotfix from Microsoft.

VULNERABILITY The risk is low. A malicious user would need to have local ASSESSMENT: access to the machine and be able to, through a series of complicated steps, spoof the validation checking of an LPC function.
[ Begin Microsoft Security Bulletin ] Microsoft Security Bulletin (MS00-003) -------------------------------------- Patch Available for "Spoofed LPC Port Request" Vulnerability Originally Posted: January 13, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows NT(r) 4.0. The vulnerability could allow a user logged onto a Windows NT 4.0 machine from the keyboard to become an administrator on the machine. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS00-003faq.asp. Issue ===== LPC Ports is a facility that allows LPC calls on a machine. One of the functions in the LPC Ports API set enables, by design, a server thread to impersonate a client thread on the same machine. However, a flaw in the validation portion of the function would allow a malicious user to create both the client and server threads, and manipulate the impersonation request to allow it to run in the context of any desired user on the local machine, including the System itself. The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. However, it also could be used to cause audit logs to indicate that certain actions were taken by another user. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk. Affected Software Versions ========================== - Microsoft Windows NT 4.0 Workstation - Microsoft Windows NT 4.0 Server - Microsoft Windows NT 4.0 Server, Enterprise Edition - Microsoft Windows NT 4.0 Server, Terminal Server Edition Patch Availability ================== - Microsoft Windows NT 4.0 Workstation, Server and Server, Enterprise Edition: Intel: http://www.microsoft.com/downloads/release.asp?ReleaseID=17382 Alpha: http://www.microsoft.com/downloads/release.asp?ReleaseID=17383 - Microsoft Windows NT 4.0 Server, Terminal Server Edition: To be released shortly. NOTE: Additional security patches are available at the Microsoft Download Center. More Information ================ Please see the following references for more information related to this issue. - Microsoft Security Bulletin MS00-003: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS00-003faq.asp. - Microsoft Knowledge Base (KB) article Q247869, Local Procedure Call may Permit Unauthorized Account Usage, http://support.microsoft.com/support/kb/articles/q247/8/69.asp. (Note: It may take 24 hours from the original posting of this bulletin for the KB article to be visible.) - Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp. Obtaining Support on this Issue =============================== This is a fully supported patch. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp. Acknowledgments =============== Microsoft thanks Bindview's RAZOR Security Team (www.bindview.com) for reporting this issue to us and working with us to protect customers. Revisions ========= - January 13, 2000: Bulletin Created. -------------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. (c) 2000 Microsoft Corporation. All rights reserved. Terms of Use [ End Microsoft Security Bulletin ]

CIAC wishes to acknowledge the contributions of Microsoft Corporation for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@llnl.gov
    World Wide Web:  http://www.ciac.org/
                     http://ciac.llnl.gov
                     (same machine -- either one will work)
    Anonymous FTP:   ftp.ciac.org
                     ciac.llnl.gov
                     (same machine -- either one will work)

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH