ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Join ZDNet's roundtable on datacentres

Resources Downloads

Download Now

Windows 2000 LPC Vulnerability Patch


License Free
Requirements None
Downloads 206 Limitations None
Publisher Microsoft File Size 1.4M
Date added 07 Oct 2000 Check your speed

Report a broken link

This patch eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:

  • The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
  • The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
  • The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
  • A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he/she could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local-'not domain-'privileges on the malicious user.

Visit the LPC Vulnerability FAQ for more information.

Download Now

Did you find this download useful?
6 out of 12 users found this download useful


People who downloaded this software also downloaded...

SpyWall Anti-Spyware 1.4.3.1

Remove spyware and keep them out with a browser sandbox.

More info +

Download


Cute Password Manager 2008.1.3.8

Log into Web sites and fill forms with just a few mouse clicks.

More info +

Download


SolidShare 2.6.11

Connect anyone on your network to the Internet with one ISP account and one modem.

More info +

Download


Watch N Catch 1.0

Protect your assets with an IP-based video surveillance system.

More info +

Download


EasyCryptor 1

Encrypt and decrypt any files and send results to your e-mail address.

More info +

Download


Child Computer Lock 1.6

Protect your privacy by locking your computer.

More info +

Download


Digital Vault 2.1.5.1

Encrypt, hide, and protect your personal data.

More info +

Download


Portable Vault 2.0.0.7

Protect sensitive information on your portable USB Drive.

More info +

Download


ItsCryptic 1

Protect files confidential to you or your business by encrypting them.

More info +

Download


n-Pass2Go 2.7.0.465

Store and manage your passwords and encrypted data on any removable device.

More info +

Download



Download

Embarcadero Power SQL

Embarcadero PowerSQL simplifies SQL development for application developers with many features for improving productivity and reducing errors.

  • Downloads: 4,717
  • Requirements:
  • License: Vendor registration required
  • Publisher: Embarcadero
  • Size: 0

Download Now

More In Security management


Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

3 comments

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

5 comments

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link

DOWNLOAD

Security Essentials

Security Downloads

There are masses of security suites out there for small businesses. Here's a selection to get you started

Editor’s Rating
1 Norton 360™
2 AVG Anti-Virus Free Edition Rating: 10
3 PC Tools AntiVirus Free Edition
4 Kaspersky Internet Security

See All Software

In association with Symantec