On Wednesday Microsoft released details of a buffer overrun vulnerability and issued a security patch to block the flaws on Windows NT 4.0, Windows 2000 and Windows XP systems.
Microsoft explained that there is a flaw in the way the Windows kernel passes error messages to a debugger, which could allow people to arrogate privileges to themselves.
This means that an attacker could write a program to exploit the flaw and run code of their choice, or they could take any action on the system including deleting data, adding accounts with administrative access, or reconfigure the system.
In order to be successful attacking the kernel, the intruder “requires the ability to logon interactively to the target machine, either directly at the console or through a terminal session,” according to the security bulletin issued by Microsoft. “Also, a successful attack would require the introduction of code in order to exploit this vulnerability.”
Properly secured servers would be at little risk from this vulnerability, Microsoft said, adding that “because best practices recommends restricting the ability to logon interactively on servers, the alert mainly affects client systems and terminal servers.”
Carrying an ‘important’ rating, the alert ranks second highest on a four-level Microsoft scale.
The patch can be found at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-013.asp.