COMMAND

    kernel

SYSTEMS AFFECTED

    Win2000

PROBLEM

    Following is  based on  a Microsoft  Security Bulletin (MS00-069).
    Input Method Editors (IMEs) enable character-based languages  such
    as Chinese to be entered via a standard 101-key keyboard.  When an
    IME is installed as part of  the system setup, it is available  by
    default as  part of  the logon  screen. In  such a  case, the  IME
    should  recognize  that  it  is  running  in  the  context  of the
    LocalSystem  and  not  in  the  context  of  a  user, and restrict
    certain functions.  However,  the IME for Simplified  Chinese does
    not   correctly   recognize   the   machine   state,  and  exposes
    inappropriate functions as part of the logon screen.  As a result,
    a malicious user who had access to either a physical keyboard or a
    terminal  server  session  on  an  affected  machine  could   gain
    LocalSystem privilege even without logging onto the machine.

    This vulnerability only affects the Simplified Chinese version  of
    Windows 2000  by default  - customers  using any  other version of
    Windows 2000  are not  affected.   Even if  the Simplified Chinese
    IMEs were  installed after  setup as  part of  a language pack, it
    would not  be present  as part  of the  logon screen and therefore
    would not pose a security  threat.  The vulnerability allows  only
    the  local  machine  to  be  compromised,  but  does not grant any
    domain privileges  (unless, of  course, the  local machine happens
    to be a domain controller).  Because the vulnerability is  exposed
    as part of the logon screen, it could only be exploited by a  user
    who  had  physical  access  to  a  keyboard,  or who could start a
    terminal server session on an affected machine. If best  practices
    - which  strongly recommend  against giving  normal users physical
    access to  critical servers,  or allowing  terminal server session
    on such  servers -  have been  followed, this  vulnerability would
    affect only workstations and terminal servers.

    Customers running any other language version of Windows 2000  only
    need to  take action  if they  installed a  Simplified Chinese IME
    during system setup.

SOLUTION

    Patch availability:

        - Microsoft Windows 2000, Simplified Chinese version: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24631
        - Microsoft Windows 2000, English version: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24627

    This  patch  can  be  installed  on  systems running Windows 2000,
    either  with  or  without  Service  Pack  1.   The  patch  will be
    incorporated into Service Pack 2.