Microsoft KB Archive/246972

= Internet Explorer 5 Task Scheduler Allows Privilege Elevation on Windows NT =

Article ID: 246972

Article Last Modified on 9/27/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.0

-



This article was previously published under Q246972



SYMPTOMS
When you use the schedule feature for updating Web pages that is included with Internet Explorer version 5 to schedule jobs to run at a designated time, it may be possible for a malicious user to obtain elevated privileges on your computer and run a program on the local computer in the System context.

NOTE: Windows NT 4.0 includes a native task scheduler, known as the Schedule or AT service, that does not have this vulnerability. Only computers that are running Windows NT 4.0 with Internet Explorer version 5 installed may be affected by this vulnerability.



CAUSE
The Internet Explorer version 5 scheduling feature enforces control at two points: it restricts who can use the AT utility to create AT jobs, and it only runs AT jobs that are owned by a member of the local Administrators group. However, if a malicious user has Change access to a file owned by an administrator, he or she could modify it to be a valid AT job and place it in the appropriate folder. This would bypass the control mechanism and allow the job to be run. Internet Explorer version 5.01 eliminates this vulnerability by digitally signing all AT jobs at creation time and verifying the signature at run time.



RESOLUTION
To resolve this issue, upgrade the computer running Internet Explorer version 5 to Internet Explorer version 5.01. You can obtain Internet Explorer 5.01 from the following Microsoft Web site:

http://www.microsoft.com/windows/IE/



STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0.



MORE INFORMATION
For related information about this problem, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS99-051.mspx

For additional security-related information about Microsoft products, please visit the following Microsoft Web site:

http://www.microsoft.com/security/

Keywords: kbprb KB246972

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.