Windows Kernel Flaw Allows Privilege Elevation

A newly patched vulnerability in the Windows kernel opens enterprise systems to a significant threat of attacks from employees and others able to log on at a system keyboard.

Microsoft released a bulletin and patch Wednesday for a problem with the way the Windows kernel passes error messages to a debugger. The Windows kernel fails to limit the size of messages it passes to the debugger, making it possible for a maliciously crafted message to overrun the debugger's buffer. Properly exploitation by a user with keyboard log-on rights could allow privilege elevation, code execution, data corruption and other ills.

"For example, the attacker could execute code that could allow adding accounts with administrative privileges, deleting critical system files or changing security settings," according to Microsoft security bulletin MS03-013. The problem is rated as "Important," the second-most severe rating on Microsoft's threat scale. Microsoft encourages customers to install the patch at the earliest opportunity.

The flaw affects Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000 and Windows XP. "The systems most likely to be affected by this vulnerability are client systems and terminal servers, which regularly allow end users access to the system directly," Microsoft's bulletin said.

Servers, other than terminal servers, are unlikely to be affected as they are normally configured to restrict interactive log on.

Patches were available for each affected version of Windows.

The bulletin is available at

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.