Microsoft on Thursday warned of a buffer overrun
vulnerability in the way the Windows kernel passes error messages to a
debugger and issued a security patch to plug the holes on Windows NT 4.0,
Windows 2000 and Windows XP systems.
The vulnerability alert included a warning that
an intruder could use the flaw to elevate privileges and a recommendation
that sysadmins running susceptible systems install the patch
immediately.
The vulnerability carries an ‘important’ rating, Microsoft’s second
highest on a four-level scale introduced late last year.
The software giant said the vulnerability exists because an attacker
could write a program to exploit this flaw and run code of his or her choice. “An
attacker could exploit this vulnerability to take any action on the system
including deleting data, adding accounts with administrative access, or
reconfiguring the system,” it cautioned.
For an attack to succeed, an intruder would need to be able to logon
interactively to the system, either at the console or through a terminal
session. A successful attack would also require the introduction of code in
order to exploit this vulnerability.
“Because best practices recommends
restricting the ability to logon interactively on servers, this issue most
directly affects client systems and terminal servers,” Microsoft added.
“Standard best practices recommend only allowing trusted administrators
to log onto such systems interactively; without such privileges, an attacker
could not exploit the vulnerability,” the company said.