- Quick specs
- Price: Free
- Operating system: Windows 2000
- Date added: August 11, 2000
- Total Downloads: 48,997
- Downloads last week: 2
- See full specifications
- Average user rating: stars out of 13 votes
See all user reviews
Publisher's description
From Microsoft :The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges.
The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.
Affected Software Versions
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
Microsoft has released a patch that eliminates this security vulnerability.
More popular Encryption Software downloads
- 52,623 downloads 1. RoboForm
- 27,875 downloads 2. Hotspot Shield
- 26,862 downloads 3. Computer Use Reporter
- 8,814 downloads 4. Easy File Encryption
- 8,095 downloads 5. Easy Private Disk
- See all Encryption Software downloads
User reviews
- Average user rating: 0 stars Not yet available
- My rating: 0 stars Write review
-
Showing 2 of 2 user reviewsSee all 2 user reviews
This software version | All versions -
Version: Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch
-
Version: Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch
"You would have to be nuts not to use this!"
- See all 2 user reviews Write review
Submit your review
- See more CNET content tagged:
- Microsoft Windows 2000,
- malicious program,
- malicious user,
- privilege,
- vulnerability

