This patch eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:
- The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
- The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
- The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
- A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Visit the LPC Vulnerability FAQ for more information.