Microsoft Security Bulletin MS05-047
Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege
Published: October 11, 2005
Web Security Summary
Who should read this document: Visitors who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: Important
Recommendation: Visitors should apply the update at the earliest opportunity.
Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
Tested Software and Security Update Download Locations:
Microsoft Windows 2000 Service Pack 4
Executive Security Summary
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that Visitors apply the update at the earliest opportunity.
Plug and Play Vulnerability – CAN-2005-2120:
A remote code execution and local elevation of privilege vulnerability exists in Plug and Play that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system.
You must restart your system after you apply this security update.