PT-2002-1430 · Microsoft · Windows 2000+1

Publicado

2002-06-25

Atualizado

2025-10-22

CVE-2002-0367

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows NT and Windows 2000

Description The smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs. This allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Recommendations For Windows NT and Windows 2000, consider restricting access to the smss.exe debugging subsystem to minimize the risk of exploitation. As a temporary workaround, consider disabling the debugging subsystem until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2002-0367

Produtos afetados

Windows 2000

Windows Nt

PT-2002-1430 · Microsoft · Windows 2000+1

CVE-2002-0367

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18