Microsoft warns of new debugger flaw

The vulnerability involves a flaw in the tools' authorization feature, and the company says attackers can exploit the hole to gain complete control of a system.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Microsoft warned Windows NT and 2000 users on Wednesday of a new flaw in its debugger tools that could let attackers give themselves complete control of a system once they've gained basic access to that system.

The vulnerability involves a flaw in the debugger's authorization feature. The flaw lets any user run any program on the system, with the highest privileges.

The hole could be used in conjunction with other Windows vulnerabilities that allow a remote attacker to run as a local user, said Marc Maiffret, chief hacking officer with network-protection company eEye Digital Security.

"By itself, I would say it's not that dangerous, but coupled with other vulnerabilities, it's nasty," Maiffret said. "It makes threats like Nimda possible."

The Nimda worm used a similar double whammy to gain base-level access to a system and then elevate its privileges to take control of the infected computer.

Microsoft gave the vulnerability a "critical" rating for client systems but would not estimate what portion of Windows NT 4.0 and Windows 2000 computers might be vulnerable to the new flaw.

"Being able to log on to the computer in the first place, and being able to run code (once logged on), are the two limiting factors for this flaw," said Christopher Budd, security program manager for Microsoft's security response center.

For example, a guest account could be co-opted by an attacker and used to exploit the flaw to run code only if the system's administrator allowed guests access to the console and let them introduce code to the machine, Budd said.

Microsoft has posted an advisory and a patch for the problem.