Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability

2004-04-13T00:00:00
ID SMNTC-10124
Type symantec
Reporter Symantec Security Response
Modified 2004-04-13T00:00:00

Description

Description

Microsoft Utility Manager is prone to a local privilege-escalation vulnerability that may allow a local attacker to execute arbitrary code with SYSTEM privileges.

Technologies Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Datacenter Server SP1
  • Microsoft Windows 2000 Datacenter Server SP2
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Datacenter Server SP4
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP4

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.

Disable any services that are not needed.
If applicable, disable the Microsoft Utility Manager Service. This will help prevent successful attacks.

Microsoft has released a security bulletin and fixes to address this issue. Please see the references for more information.