Version: 2008
  • On GameFAQs: What causes the Red Ring of Death?
advertisement
Click Here

Windows 2000 LPC Vulnerability Patch

  • Quick specs
  • Price: Free
  • Operating system: Windows 2000
  • Date added: October 06, 2000
  • Total Downloads: 12,514
  • Downloads last week: 2
  • See full specifications
Add to my list Add to my Watch List
Download Now (1.36MB)
Tested spyware free

Publisher's description

From Microsoft :

This patch eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:

  • The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
  • The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
  • The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
  • A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he/she could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local-'not domain-'privileges on the malicious user.

Visit the LPC Vulnerability FAQ for more information.

Real Player SP
Watch your favorite videos on your favorite devices.
Download Now

More popular Encryption Software downloads

  1. 52,623 downloads 1. RoboForm
  2. 27,875 downloads 2. Hotspot Shield
  3. 26,862 downloads 3. Computer Use Reporter
  4. 8,814 downloads 4. Easy File Encryption
  5. 8,095 downloads 5. Easy Private Disk
  6. See all Encryption Software downloads
PC Starter Kit
Because what good is a new computer without the right software?
Download Now

User reviews

Write your own review Be the first one to review Windows 2000 LPC Vulnerability Patch and share your experience with the CNET community!
Previous versions: See all user reviews

Submit your review

Log in or create an account to submit your review for:

Windows 2000 LPC Vulnerability Patch

ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft Windows 2000,
Microsoft Windows NT 4.0,
malicious user,
request,
vulnerability

advertisement
Click Here
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET