Jan K. Rutkowski

Name of the Vulnerable Software and Affected Versions: WatchGuard ServerLock for Windows 2000 version before 2.0.3 Description: The issue allows local users to load arbitrary modules via the OpenProcess() function. This can be demonstrated through various methods, including a DLL injection attack, ZwSetSystemInformation, and API hooking in OpenProcess. Recommendations: For WatchGuard ServerLock for Windows 2000 version before 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenProcess() function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WatchGuard ServerLock for Windows 2000 version before 2.0.4 Description: The issue allows local users to access kernel memory via a symlink attack on the DevicePhysicalMemory endpoint. This could potentially lead to unauthorized access to sensitive system information. Recommendations: For versions before 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the DevicePhysicalMemory endpoint to minimize the risk of exploitation.