Microsoft KB Archive/320388

= Non-administrative users can obtain system permissions on the destination computer =

Article ID: 320388

Article Last Modified on 5/21/2007


APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition




This article was previously published under Q320388





SYMPTOMS
Non-administrative users may obtain system permissions on the destination computer.



CAUSE
This problem occurs because of a vulnerability in Client Server Runtime Subsystem (CSRSS), also known as the Win32 subsystem. A malicious user who does not have administrative credentials can run code on the destination computer to change the DosDevice object directory. This change could allow the user to obtain system account-level permissions.



Service pack information
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows XP service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time   Version      Size    File name
   --------------------------------------------------
   27-Mar-2002  13:31  5.1.2600.41  45,056  Basesrv.dll
   27-Mar-2002  13:32  5.1.2600.41  29,184  Csrsrv.dll
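To audit copies of these two files (for example from a mounted disk image) against the versions in the table above, the following added example, which is not part of the original article or Microsoft's tooling, reads the file version from the VS_FIXEDFILEINFO block and compares it with 5.1.2600.41. It assumes a simple signature scan is sufficient instead of a full PE resource parse; the function names and status strings are hypothetical.

```python
import os
import struct
import sys

# Minimum versions from the hotfix file table in this article (English version).
MIN_VERSIONS = {
    "basesrv.dll": (5, 1, 2600, 41),
    "csrsrv.dll": (5, 1, 2600, 41),
}

# dwSignature of VS_FIXEDFILEINFO (0xFEEF04BD), stored little-endian on disk.
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO in data, or None if no version block is found."""
    pos = data.find(FFI_SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            # Layout after the signature: dwStrucVersion, dwFileVersionMS, dwFileVersionLS.
            struc_ver, ms, ls = struct.unpack_from("<III", data, pos + 4)
            if struc_ver == 0x00010000:  # sanity check: structure version 1.0
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(FFI_SIGNATURE, pos + 1)
    return None


def hotfix_status(name, data):
    """Classify one file: 'patched', 'below-hotfix', 'unknown-file' or 'no-version'."""
    minimum = MIN_VERSIONS.get(name.lower())
    if minimum is None:
        return "unknown-file"   # not one of the files this hotfix replaces
    version = file_version(data)
    if version is None:
        return "no-version"     # cannot decide; inspect the file manually
    # The article lists these attributes "or later", so equal or higher passes.
    return "patched" if version >= minimum else "below-hotfix"


if __name__ == "__main__":
    # Usage: python check_kb320388.py <path>\Basesrv.dll <path>\Csrsrv.dll
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, hotfix_status(os.path.basename(path), fh.read()))
```
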



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



MORE INFORMATION
CSRSS services only those requests that other processes make on the same local computer. Therefore, the malicious user must run the code on the destination computer. The computers that are most at risk are computers where users can log on interactively by using assigned rights to run a program or to remotely install a service.

For additional security-related information about Microsoft products, visit the following Microsoft Web site:

http://www.microsoft.com/security

For additional information about how to install multiple hotfixes with only one restart, click the following article number to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to install multiple hotfixes with only one reboot

Keywords: kbhotfixserver kbqfe kbqfe kbbug kbfix kbwinxpsp1fix KB320388


© Microsoft Corporation. All rights reserved.