Microsoft Windows Management Local Privilege Escalation Vulnerability

ID SMNTC-10125
Type symantec
Reporter Symantec Security Response
Modified 2004-04-13T00:00:00



Microsoft Windows Management is prone to a local privilege-escalation vulnerability that may allow a local attacker to execute arbitrary attacker-supplied code with SYSTEM privileges.

Technologies Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Home
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional SP1


Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.

Microsoft has released a security bulletin and fixes to address this issue. Please see the references for more information.