Microsoft Windows NT 4.0, Terminal Server Edition/2000/XP
Windows messages provide a way for interactive processes to react to user events (e.g., keystrokes or mouse movements) and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer. If that second process had higher privileges than the first, this would provide the first process with a way of exercising them.
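The weakness described above is that a callback address arriving in a WM_TIMER message is trusted even when the receiving process never set that timer. The following is an added example, not Microsoft's patch code and not part of the original advisory: a portable C model of a message-loop guard that honours a timer callback only when it matches a timer the process itself registered. The struct and function names are hypothetical stand-ins for Win32 message handling, and all handles and addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for Win32 MSG handling so the check runs anywhere.
   WM_TIMER's value and layout are the real ones: wParam = timer ID,
   lParam = callback address (0 when no callback is requested). */
#define WM_TIMER 0x0113u

struct msg       { uintptr_t hwnd; unsigned message; uintptr_t wparam, lparam; };
struct timer_reg { uintptr_t hwnd, id, callback; };  /* a timer we really set */

enum verdict { DISPATCH_NORMAL, DISPATCH_CALLBACK, DROP };

/* Constructed sample: this process set one timer (ID 7) on window 0x1001
   with its own callback at 0x401000. All values are made up. */
static const struct timer_reg sample_regs[] = { { 0x1001, 7, 0x401000 } };
static const size_t sample_count = sizeof sample_regs / sizeof sample_regs[0];

/* Decide what the message loop may do with m before dispatching it. */
enum verdict check_timer_msg(const struct msg *m,
                             const struct timer_reg *regs, size_t n)
{
    if (m->message != WM_TIMER || m->lparam == 0)
        return DISPATCH_NORMAL;          /* no callback address in play */
    for (size_t i = 0; i < n; i++)
        if (regs[i].hwnd == m->hwnd && regs[i].id == m->wparam &&
            regs[i].callback == m->lparam)
            return DISPATCH_CALLBACK;    /* matches a timer we set */
    return DROP;                         /* callback nobody here registered */
}

int main(void)
{
    const struct msg inbox[] = {                 /* constructed messages */
        { 0x1001, WM_TIMER, 7, 0x401000 },       /* our own timer firing */
        { 0x1001, WM_TIMER, 7, 0x7ffe0000 },     /* same ID, foreign address */
        { 0x1001, WM_TIMER, 9, 0 },              /* timer without callback */
    };
    static const char *names[] = { "normal", "callback", "DROP" };
    for (size_t i = 0; i < sizeof inbox / sizeof inbox[0]; i++)
        printf("msg %zu -> %s\n", i,
               names[check_timer_msg(&inbox[i], sample_regs, sample_count)]);
    return 0;
}
```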
If you restrict access between different users of your computer, you should install this update. If you are the only person who uses your computer, or if you don't use passwords or other measures to limit access to accounts on your computer, it is not important that you install this update.
For more information and patch availability: 328310