Vulnerability Note VU#868580

Microsoft Windows Utility Manager launches applications with system privileges

Original Release date: 14 Jul 2004 | Last revised: 14 Jul 2004

Overview

The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges.

Description

The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contains a privilege escalation vulnerability that permits authenticated local users to launch applications with SYSTEM privileges.

Microsoft reports that the vulnerability disclosed in MS04-019 is different than the one reported in MS04-011, which is described in VU#526084.

Impact

This vulnerability allows authenticated local users to launch applications with SYSTEM privileges.

Solution

Apply a patch from Microsoft

Microsoft has provided a Security Update to address this vulnerability; for further details, please see Microsoft Security Bulletin MS04-019.

Disable the Utility Manager


Administrators can use the Group Policy settings to disable the Utility Manager. Although this action does not fully address the vulnerability, it may be a useful interim measure to prevent exploitation.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected13 Jul 200414 Jul 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported to Microsoft by Cesar Cerrudo of Application Security Inc.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2004-0213
  • Date Public: 13 Jul 2004
  • Date First Published: 14 Jul 2004
  • Date Last Updated: 14 Jul 2004
  • Severity Metric: 21.26
  • Document Revision: 7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.