Vulnerability Note VU#868580

Microsoft Windows Utility Manager launches applications with system privileges

Overview

The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges.

I. Description

The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contains a privilege escalation vulnerability that permits authenticated local users to launch applications with SYSTEM privileges.

Microsoft reports that the vulnerability disclosed in MS04-019 is different than the one reported in MS04-011, which is described in VU#526084.

II. Impact

This vulnerability allows authenticated local users to launch applications with SYSTEM privileges.

III. Solution

Apply a patch from Microsoft

Microsoft has provided a Security Update to address this vulnerability; for further details, please see Microsoft Security Bulletin MS04-019.

Disable the Utility Manager

Administrators can use the Group Policy settings to disable the Utility Manager. Although this action does not fully address the vulnerability, it may be a useful interim measure to prevent exploitation.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	14-Jul-2004

References

http://www.microsoft.com/technet/security/bulletin/ms04-019.mspx

Credit

This vulnerability was reported to Microsoft by Cesar Cerrudo of Application Security Inc.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public	07/13/2004
Date First Published	07/14/2004 10:37:46 AM
Date Last Updated	07/14/2004
CERT Advisory
CVE-ID(s)	CAN-2004-0213
NVD-ID(s)	CAN-2004-0213
US-CERT Technical Alerts
Metric	21.26
Document Revision	7

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader