what you don't know can hurt you

ms00-012

ms00-012
Posted Feb 23, 2000

Microsoft has released a patch for a vulnerability in an installation routine associated with Microsoft Systems Management Server (SMS). The vulnerability allows a user to gain elevated privileges on the local machine. Microsoft FAQ on this issue here.

tags | local
MD5 | 0570a2b91dff79a5605222e9f58f0da8

ms00-012

Change Mirror Download
Microsoft Security Bulletin (MS00-012)
--------------------------------------

Patch Available for "Remote Agent Permissions" Vulnerability
Originally Posted: February 22, 2000

Summary
=======
Microsoft has released a patch that eliminates a security vulnerability
in an installation routine associated with Microsoft® Systems
Management Server (SMS). If particular features have been enabled, the
vulnerability could allow a user to gain elevated privileges on the
local machine.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-012.asp

Issue
=====
If the SMS 2.0 Remote Control feature has been installed and enabled on
a machine, the folder in which the remote agent resides has its
permissions set to Everyone Full Control by default. If a malicious
user replaced the client code with code of his or her choosing, it
would run automatically in a system context the next time he or she
rebooted the machine and logged on. The vulnerability exists only if
the Remote Control feature has been enabled - no other SMS features
are affected by it.

Affected Software Versions
==========================

Microsoft Systems Management Server 2.0

Patch Availability
==================

For X86: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=18498
For Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=18499

Note Additional security patches are available at the Microsoft Download
Center.

More Information
================
Please see the following references for more information related to this
issue.

- Frequently Asked Questions: Microsoft Security Bulletin MS00-012.
http://www.microsoft.com/technet/security/bulletin/fq00-012.asp
- Microsoft TechNet Security web site.
http://www.microsoft.com/technet/security/default.asp

Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.

Revisions
=========
February 22, 2000: Bulletin Created.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT
CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER
INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.

Last updated February 22, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of use.

*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/security/services/bulletin.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    1 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close