Advertisement

Latest News

[ Windows | Linux | Apple ]

· Reliable source says no chance Apple will ax Mac Pro
· Microsoft accidentally announces Windows 8 Release Preview availability to be May 31
· Video Highlights of Tim Cook's D10 Interview
· Install Cinnamon 1.4 on Fedora 17
· Daily Reviews Summary 05/30/12
· Absinthe jailbreaks nearly 1 million iOS devices over holiday weekend
· CompatDB Updates 05/30/12
· Apple CEO Tim Cook slams Windows 8 again
· Update Rollup 3 for Exchange Server 2010 Service Pack 2 (KB2685289)
· Microsoft outsources copyright enforcement to small Redmond company

Upcoming News

· GIGABYTE G1 Sniper M3 Review @ Vortez
· Visiontek GoDrive 60GB and Racer Series 120GB SSD Review
· CM Storm Sentinel Advance II High Performance Laser Gaming Mouse Review
· Luvinia Celebrates Yutaka's Tomb Expansion & Level Cap Raise with E3 Fight Nights
· OCZ Vertex 4 256GB SSD Review @ Neoseeker
· Intel Core i5-3470 Quad-Core CPU Review @ HotHardware.com
· News: Intel's ultrabook-bound Core i5-3427U processor
· Intel Core i5-3427U: Ivy Bridge For Ultrabooks @ HotHardware
· Intel Ivy Bridge Core i5-3427U / Ultrabook Platform Review: Making Slower Faster
· ASUS P8Z77-M Pro Micro-ATX Motherboard Review @ Hi Tech Legion

Windows Compatibility

· Realtek High Definition Audio for 2K/XP/03
· Win7codecs x64
· Google Chrome 18.0.1025.168 Final
· IObit Malware Fighter
· Silver
· Advanced SystemCare with Antivirus 2012
· K-Lite Codec Pack Update
· Microsoft Mathematics
· AVZ Antiviral Toolkit
· Intel Turbo Boost Technology Monitor

New Forum Topics

· USB Not detected on any PC
by: AntNik45
on: 2012-05-09 18:37
0 replies, 0 views

· RESIDENT EVIL 2 for PC
by: elyp00
on: 2012-05-04 07:55
0 replies, 0 views

· Need to know if those graphic cards works well on Ubuntu
by: Dechiqtor
on: 2012-04-19 23:04
0 replies, 0 views

· Obtaining IE8
by: packman
on: 2012-04-14 19:46
0 replies, 0 views

· A few problems running Warcraft II Battle.net Edition on Vista
by: Lord Claremorris
on: 2012-04-08 16:15
0 replies, 0 views

News Channels

· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Windows XP
· Microsoft
· Updates
· Interviews
· Windows Server 2003
· General
· Windows Vista
· Webcasts
· Windows Server 2008
· Windows Home Server
· Windows 7
· Windows 8
· Windows Phone 7

What's New

Login to see an overview of all news stories since your last visit.

Affiliates

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation

Posted by philipp on: 12/12/2002 04:20 PM [ Print | 0 comment(s) ]

Microsoft has released a new security patch for Windows NT 4.0, Windows 2000, and Windows XP

Windows messages provide a way for interactive processes to react to user events (e.g., keystrokes or mouse movements) and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer. If that second process had higher privileges than the first, this would provide the first process with a way of exercising them.

By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system.

Related Threads

04/10/2003 04:13 AM: Flaw in MicrosoftVM Could Enable System Compromise (0) by KhaineBOT
09/27/2002 05:35 AM: Flaw in Outlook Express caused by XP Service Patch 1? (5) by tylau

All products mentioned are registered trademarks or trademarks of their respective owners.
© 1998-2011 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition