Microsoft KB Archive/243405

= Device Drivers Create their Corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN DeviceCharacteristics =

Article ID: 243405

Article Last Modified on 9/11/2007

-

APPLIES TO


 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q243405



SYMPTOMS
When you open a device object in a program under the following conditions, it is possible to obtain greater access to that object than the designated permissions allow:
 * The device object has already been opened and you specify a relative file name of zero length to open a handle within that object.
 * The path specified to the device includes an additional trailing backslash name or character, and the device does not accommodate a parse routine.

This behavior particularly affects the following files in relation to I/O Manager:
 * Floppy.sys (Floppy Driver in C:\winnt\system32\drivers\)
 * Netdetect.sys (Network Card Detection driver Driver in C:\winnt\system32\drivers\)
 * Parport.sys (Parallel Port Driver in C:\winnt\system32\drivers\)
 * Null.sys (NULL Driver in C:\winnt\system32\drivers\)
 * Beep.sys (BEEP Driver in C:\winnt\system32\drivers\)
 * Scsiport.sys (SCSI Port Driver in C:\winnt\system32\drivers\)
 * Tcpip.sys (TCP/IP driver in C:\winnt\system32\drivers\)



CAUSE
This problem occurs because it is the responsibility of a device driver of the corresponding device that creates or opens a logical DeviceObject in the operating system name space with IoCreateDevice to represent the device. Detail of IoCreateDevice can be found on MSDN at http://msdn.microsoft.com/library/ddkdoc/ntddk/native/ddk/kr/src/k104_22.htm.

In Windows NT 4.0 Service Pack 6a and earlier, the seven aforementioned device drivers do not call IoCreateDevice with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The seven that are included in the C2 Update call IoCreateDevice with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. The Windows NT IO manager that services IoCreateDevice performs the necessary access check and audits the event if a relative file name of zero length is specified or an additional trailing backslash name or character is included in the path to the device.

NOTE: Other device drivers shipped with Windows NT 4.0 Service Pack 6a have been tested for making the IoCreateDevice call with the FILE_DEVICE_SECURE_OPEN DeviceCharacteristics.



RESOLUTION
To resolve this problem, the following files are available for download from the Microsoft Download Center or Microsoft's FTP site. Click the file names below to download the appropriate file:

English
x86:

Microsoft Download Center: Download Q244599i.exe now

FTP: Download Q244599i.exe now

Alpha:

Microsoft Download Center: Download Q244599a.exe now

FTP: Download Q244599a.exe now

French
x86: FTP: Download Q244599i.exe nowAlpha: FTP: Download Q244599a.exe now

Spanish
x86: FTP: Download Q244599i.exe nowAlpha: FTP: Download Q244599a.exe now For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.



STATUS
Microsoft has confirmed that this is a problem in Windows NT 4.0.

Additional query words: c2 security_patch

Keywords: kbdownload kbbug kbfix kbgraphxlinkcritical kbqfe KB243405

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.