Windows 2000 Network DDE Vulnerability Patch (2/9/01) Patch a security vulnerability in Microsoft Network Dynamic Data Exchange (DDE).
Download

Windows 2000 Network DDE Vulnerability Patch (2/9/01) Ranking & Summary

Windows 2000 Network DDE Vulnerability Patch (2/9/01) Tags

Microsoft Exchange security DDE server plugin DDE Network Patch network vulnerability DDE wrapper DDE Servers DDE client receiver DDE client dynamic network visualization cluster dynamic network dynamic network manipulation exchange security

Windows 2000 Network DDE Vulnerability Patch (2/9/01) Description

Network Dynamic Data Exchange (DDE) is a technology that enables applications on different Windows computers to dynamically share data. This sharing is effected via communications channels called trusted shares, which are managed by a service called the Network DDE Agent. By design, processes on the local machine can levy requests upon the Network DDE Agent, including ones that indicate what application should be run in conjunction with a particular trusted share. However, a vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.Microsoft recommends that customers using Windows 2000 workstations or who allow unprivileged users to run code on Windows 2000 servers apply the patch immediately. In addition, customers operating Windows 2000 Web servers should consider applying the patch to those machines as well, as a precautionary measure.

Windows 2000 Network DDE Vulnerability Patch (2/9/01) Related Software