|MS09-064||Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)||Microsoft Windows||Critical||13-11-2009|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server.
Detailed Information on the risk:
An unauthenticated remote code execution vulnerability exists in the way that the Microsoft License Logging Server software handles specially crafted RPC packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the License Logging service. An attacker who successfully exploited this vulnerability could take complete control of the system.
Further information on this exploit is available at : MS09-064