DOCUMENT:Q255984 18-NOV-2000 [iis] TITLE :PRB: IIS5 User Privilege Elevation Vulnerability PRODUCT :Internet Information Server PROD/VER:WINDOWS:2000; winnt:5.0 OPER/SYS: KEYWORDS:kbOSWin2000 kbDSupport kbIIS kbiis500 kbWin2000PreSP1Fix kbWin2000sp1Fix ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server 5.0 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Professional ------------------------------------------------------------------------------- SYMPTOMS ======== A user logged on to a Windows 2000-based computer that is running Internet Information Services (IIS) can obtain system user privileges. The user does not have to be an administrator. This can be done only when the user is either: - locally logged on to the computer (physically present). -or- - accessing the server through Windows 2000 Server with Terminal Services (Terminal Services running in Application Server mode). In both cases the "log on locally" right is needed. RESOLUTION ========== To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, please see the following article in the Microsoft Knowledge Base: Q260910 How to Obtain the Latest Windows 2000 Service Pack STATUS ====== Microsoft has confirmed this to be a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 1. Additional query words: CLSID_IISAdmin IConnectionPointContainer LocalSystem Security ====================================================================== Keywords : kbOSWin2000 kbDSupport kbIIS kbiis500 kbWin2000PreSP1Fix kbWin2000sp1Fix Technology : kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Serv kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbiisSearch kbiis500 kbWinAdvServSearch Version : WINDOWS:2000; winnt:5.0 Hardware : ALPHA x86 Issue type : kbbug Solution Type : kbfix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.