Windows 2000 Exploit Code Released

Exploit code for a known security flaw in Microsoft
Windows 2000 has been posted online, putting millions of
users at risk of a PC hijack.

Less than a week after Microsoft released a
fix for an “important” privilege elevation vulnerability in the Windows
2000 Utility Manager feature, hackers have reverse-engineered the patch and
released the code that could lead to an exploit.

Microsoft confirmed that the vulnerability could allow a logged-on
user to misuse the Utility Manager to start an application with system
privileges and take control of the system.

“An attacker who
successfully exploited this vulnerability could take complete control of an
affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts that have full privileges,” the
company warned.

A patch
for the MS04-019 vulnerability is
available now.

The availability of exploit code increases the risk of viruses and worms
targeting the Windows 2000 OS family, which is installed on the majority of
enterprise desktops in the United States.

It also highlights the patch management conundrum faced by the software
giant as it struggles to cope with the speed with which hackers create and release
malicious exploits. According to Microsoft statistics, an exploit for the
Code Red and Nimda worms was released 331 days after a patch was made available. In
the case of the Slammer worm, exploit code was available in 180 days while
the Blaster worm exploit was ready in just 25 days.

The SANS Internet Storm Center also detected another exploit targeting the
MS04-022
flaw. The center did not provide any additional information.

The MS04-022 advisory patches a buffer overflow in the Windows Task
Scheduler feature that could lead to system hijack. Affected products
include Windows 2000 and Windows XP. The Windows NT Workstation and Windows
NT Server operating systems are not affected by default.

As with the MS04-019 vulnerability, this flaw also allows attackers to hijack affected systems,
install programs, view, change, or
delete data with full privileges.

Late Monday, Microsoft released an update to MS04-022 patch to provide an
additional workaround to prevent the possibility of an attack.