X

Join or Sign In

Sign in to add and modify your software

Continue with email

By joining Download.com, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy.

Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch

By Microsoft Free

Developer's Description

The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges.

The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.

Affected Software Versions

  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

Microsoft has released a patch that eliminates this security vulnerability.

Full Specifications

What's new in version

General

Release December 5, 2008
Date Added August 11, 2000

Operating Systems

Operating Systems Windows, Windows 2000
Additional Requirements None

Popularity

Total Downloads 62,431
Downloads Last Week 0
Report Software

Related Software

Vpn One Click

Free to try
Vpn One Click

Protected Folder

Free to try
Protected Folder

Random Password Generator

Free
Random Password Generator

Cryptomator

Free
Cryptomator

User Reviews

3.5/5
13 User Votes
5 Star
4 Star
3 Star
2 Star
1 Star