MS02-024: Authentication Flaw in Windows Debugger Can Cause Elevated Privileges (Q320206)

The information in this article applies to:


A privilege elevation vulnerability exists that can allow a malicious user to pose as any user on the computer, including any administrator or the operating system itself.

Because this vulnerability requires the ability to log on interactively and to run a program, the computers that are most likely to be affected by this vulnerability are client computers and Terminal Services servers, which regularly permit users to interactively log on. Internet servers, file and print servers, and program servers such as SQL servers typically restrict the ability to log on interactively, and are less likely to be affected by this vulnerability.


This vulnerability occurs because of a flaw in how access to the debugging facility in Windows is validated. Because of a flaw in how requests to attach to the system debugger are authenticated, unauthorized programs may be able to gain access to the system debugger.


Windows 2000

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:;EN-US;CNTACTMS
NOTE : In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Download Information

The following file is available for download from the Microsoft Download Center:
] Download the Q320206 package now
Release Date: May 22, 2002

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services
Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. After it is posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

Installation Options

You must restart your computer after you apply this update. For additional information about the switches that you can use to apply this update, click the article number below to view the article in the Microsoft Knowledge Base:
Q262841 Windows 2000 Hotfix.exe Program Description and Command-Line Switches
For example, the following command line installs the update without any user intervention and then does not force the computer to restart:
q320206_w2k_sp4_x86_en /q /m /z
WARNING : Your computer is vulnerable until you restart it.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version        Size    File name and path
   29-Apr-2002  15:02  5.0.2195.5695  45,840  %Windir%\System32\Smss.exe
NOTE : Because of file dependencies, this update may contain additional files. This update requires Windows 2000 Service Pack 2 (SP2) or Service Pack 1 (SP1) .
back to the top