Description
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
Products
- Microsoft Windows NT Service Pack 4
- Microsoft Windows NT 3.5.1 SP4
- Microsoft Windows 4.0 sp4
- Microsoft Windows NT 4.0 Service Pack 4 Embedded Edition x64
- Microsoft Windows NT 4.0 Service Pack 4 Embedded Edition x86
- Microsoft Windows NT 4.0 Service Pack 4 Enterprise Edition x64
- Microsoft Windows NT 4.0 Service Pack 4 Enterprise Edition x86
- Microsoft Windows NT 4.0 Service Pack 4 Server Edition x64
- Microsoft Windows NT 4.0 Service Pack 4 Server Edition x86
- Microsoft Windows NT 4.0 Service Pack 4 Terminal Server Edition x64
- Microsoft Windows NT 4.0 Service Pack 4 Terminal Server Edition x86
- Microsoft Windows NT 4.0 Service Pack 4 Workstation Edition x64
- Microsoft Windows NT 4.0 Service Pack 4 Workstation Edition x86
- Microsoft Windows 4.0 sp4 embedded
- Microsoft Windows 4.0 sp4 enterprise
- Microsoft Windows 4.0 sp4 server
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows 4.0 sp4 workstation
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-1999-1317, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1317 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References