COM Cients Under SVCHOST May Run with Elevated Privileges (290315)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q290315 SYMPTOMS
Component Object Model (COM) clients that are running under the system account may be able to spawn new processes that use elevated privileges.
CAUSE
This behavior can occur because the COM Service Control Manager does not enforce the EOAC_DISABLE_AAA flag. This flag prevents COM clients that are running as SYSTEM services from activating servers under the client token. System services that run in SVCHOST are vulnerable if this flag is not enforced, because they use this flag to ensure that COM servers that are launched do not run as SYSTEM.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
| Modification Type: | Major | Last Reviewed: | 11/19/2003 |
|---|
| Keywords: | kbbug kbfix kbnetwork kbpolicy kbWin2000PreSP2Fix KB290315 |
|---|
|