Microsoft admits to Windows 2000 glitch

Microsoft has issued a security advisory about a potentially devastating fault in its Windows 2000 operating system.

The glitch affects servers and desktops alike, and may allow an attacker to execute malicious code by way of a buffer overflow type attack.

The glitch, detailed in Microsoft Security Bulletin (MS01-013), centres around the Windows 2000 Event Viewer, which keeps a log of activity and events in the operating system kernel.

But the advisory reveals that "Event Viewer has an unchecked buffer in a section of the code that displays the detailed view of event records". This means that if Event Viewer is intentionally given malformed data in one of the fields, the program will stop working or could be made to run malicious code by using a buffer overrun.

It is also worth noting that any malicious code inputted into the Event Viewer will be run at the security level of the user who executes it. Should a super-user view a maliciously modified file, the code could be used to run root level commands.

However, the one limiting factor of the vulnerability is that the attacker must have network-level access to the machine - the vulnerability cannot be exploited remotely.

Microsoft has confirmed that the glitch is present in Windows 2000 Professional, 2000 Server, 2000 Advanced Server and 2000 Datacenter Server systems. The company has recommended patching all critical servers, and said that network managers should consider rolling the fix out to desktops.