Icon of program: Windows 2000 Service Cont…

Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch

Download now

Used Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch for Windows?

Editors’ Review

Download.com staff
A vulnerability in Windows 2000's Service Control Manager allowed malicious programs to gain elevated privileges. Microsoft has released a patch to fix this security flaw.

  • Pros

    • Patch available to eliminate vulnerability
    • Addresses privilege escalation risk

  • Cons

    • Affected Windows 2000 Professional, Server, and Advanced Server
    • Requires interactive logon and program execution to exploit
    • Workstations and terminal servers at greatest risk
Icon of program: Windows 2000 Service Cont…

Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch

Download now

Used Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch for Windows?

Explore More

Full Specifications

GENERAL
Release
Latest update
Version
0
OPERATING SYSTEMS
Platform
Windows
Operating System
  • Windows 2000
  • Windows 10
Additional Requirements
None
POPULARITY
Total Downloads
62,440
Downloads Last Week
1
Report Software

Program available in other languages

Last Updated

User Reviews

5/5

2 User Votes

Developer’s Description

By Microsoft
Prevent a user from logging on as an administrator.
The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges.

The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.

Affected Software Versions

  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

Microsoft has released a patch that eliminates this security vulnerability.

Download.com
Your review for Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability Patch