SecHole lets non-administrative users gain Debug Level access

Risk Level: High

Check or Attack Name: NTPrivFix

Platforms: Windows NT: 3.5, Windows NT: 4.0

Description:

The sechole.exe utility, which has circulated on the Internet, can allow a non-administrative user to gain debug-level access to a system process. Using this utility, the non-administrative user may run code in the system security context and acquire local administrative privileges on the system.

Remedy:

Apply the latest Windows NT 4.0 Service Pack. To apply the latest Windows NT Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

Windows NT 4.0 Service Pack 3 (SP3) users must apply the post-SP3 priv-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/priv-fix/.

—OR—

Windows NT 3.51 SP5 customers can download the patch from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/priv-fix/.

References:

Microsoft Knowledge Base Article Q190288, SecHole Lets Non-administrative Users Gain Debug Level Access, http://support.microsoft.com/support/kb/articles/q190/2/88.asp

Microsoft Knowledge Base Article Q190288, SecHole Lets Non-administrative Users Gain Debug Level Access, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/priv-fix/Q190288.TXT

Microsoft Knowledge Base Article Q190288, SecHole Lets Non-administrative Users Gain Debug Level Access, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/priv-fix/Q190288.TXT

Microsoft Security Bulletin MS98-009, Update Available for Windows NT Privilege Elevation attack, http://www.microsoft.com/security/bulletins/ms98-009.asp

