• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft Windows 2000 Simplified Chinese IME Vulnerability

Severity: MODERATE

Description:

An Input Method Editor (IME) enables a standard 101-key keyboard to type out character-based languages (eg. Chinese, Korean, etc). Any user who has physical or virtual access (via a Terminal Server session) to a system running Windows 2000 that has Simplified Chinese IME installed can log on in a LocalSystem context without providing any credentials whatsoever.

Under normal conditions, an IME should only run under a user's security context. During the logon screen process, the Simplified Chinese IME runs in the LocalSystem context (operating system context) and displays certain functions which should not be made available to a user who hasn't logged on yet. Due to this flaw, any user can logon interactively to the system without entering a username or password. Successful exploitation of this vulnerability would allow full access and complete control over the system.

This vulnerability only affects the Simplified Chinese version of Windows 2000. The English version is only susceptible to this vulnerability if the Simplified Chinese IME had been installed during the system setup. If it had been installed after the system setup, the English version would not be vulnerable to this exploit.

Affected Products:

• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Server SP1

References:

• Microsoft: Frequently Asked Questions: Microsoft Security Bulletin (MS00-069)

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.