Microsoft KB Archive/290315

= COM Cients Under SVCHOST May Run with Elevated Privileges =

Article ID: 290315

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q290315



SYMPTOMS
Component Object Model (COM) clients that are running under the system account may be able to spawn new processes that use elevated privileges.



CAUSE
This behavior can occur because the COM Service Control Manager does not enforce the EOAC_DISABLE_AAA flag. This flag prevents COM clients that are running as SYSTEM services from activating servers under the client token. System services that run in SVCHOST are vulnerable if this flag is not enforced, because they use this flag to ensure that COM servers that are launched do not run as SYSTEM.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

Keywords: kbbug kbfix kbnetwork kbpolicy kbwin2000presp2fix KB290315

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.