Alnini.comEnterprise Computing » Corporate Security » Windows 2000 Network DDE Vulnerability Patch
  

Windows 2000 Network DDE Vulnerability Patch MS01-007 (2/9/01)


Network Dynamic Data Exchange (DDE) is a technology that enables applications on different Windows computers to dynamically share data. This sharing is effected via communications channels called trusted shares, which are managed by a service called the Network DDE Agent. By design, processes on the local machine can levy requests upon the Network DDE Agent, including ones that indicate what application should be run in conjunction with a particular trusted share. However, a vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.

Microsoft recommends that customers using Windows 2000 workstations or who allow unprivileged users to run code on Windows 2000 servers apply the patch immediately. In addition, customers operating Windows 2000 Web servers should consider applying the patch to those machines as well, as a precautionary measure.

Publisher:

File size:

215KB

Date added:

29/06/2001

Licence:

Free

Requirements:

Windows 2000 Professional/Server/Advanced Server

Un/Install:

No

Downloads:

1,461

Download Now!

See Also

VisualLookout 5.0g

Monitor and record activity on your network.

ZoneAlarm Pro 5.1.011

Apply comprehensive and customizable security to your Internet connection.

PacketAlarm 4.0

Establish a barrier against attacks and unauthorized access to your network.

Partners
• 

RSS | FAQ |

Links | Maestro

Copyright © 2004-2023 Alnini, Inc. All Rights Reserved. Privacy Policy | Terms of UseGeneration time: 0.02 | SQL queries: 8