Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 2000. The vulnerability could, under certain conditions, allow an attacker to gain complete control over an affected machine.

Network Dynamic Data Exchange (DDE) is a technology that enables applications on different Windows computers to dynamically share data. This sharing is effected via communications channels called trusted shares, which are managed by a service called the Network DDE Agent. By design, processes on the local machine can levy requests upon the Network DDE Agent, including ones that indicate what application should be run in conjunction with a particular trusted share. However, a vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine. In order to exploit this vulnerability, the attacker would need the ability to run a program on an affected machine that would levy the appropriate requests. However, best practices strongly recommend against ever allowing unprivileged users to run code on security-critical machines such as domain controllers and other servers; if these recommendations have been followed, such machines would not be at risk. In addition, terminal servers are not affected by this vulnerability (except in the case where unprivileged users are allowed to log on at the console, which is never recommended). As a result, workstations are likely to be the machines primarily affected by the vulnerability. This would tend to limit the damage that could be done via this vulnerability because, in most cases, even gaining complete control of a workstation would not convey any additional privileges on the domain. Microsoft recommends that customers using Windows 2000 workstations or who allow unprivileged users to run code on Windows 2000 servers apply the patch immediately. In addition, customers operating Windows 2000 web servers should consider applying the patch to those machines as well, as a precautionary measure. If an attacker were able to gain the ability to run code in a restricted context on a web server via another vulnerability, this vulnerability would provide a way to immediately elevate her privileges and cause broader damage.

Affected Software Versions

Patch Availability

You can also check out past Bulletins in our Microsoft Security Bulletin Summary List