Microsoft says the debugging app found in Windows NT 4 Server and Windows 2000 contains a "critical" flaw. Under certain circumstances, the flaw could enable a hacker to circumvent the authentication system used by the debugger, take control of an app and possibly launch others, according to a Microsoft security bulletin. Attackers could take any action on the system, including deleting data, adding administration accounts, or reconfiguring the hijacked system.
The likelihood of a successful attack, Microsoft says, is mitigated because the attacker would have to log on the system, either at the keyboard or through a terminal session.
More details, including an available patch to fix the flaw, are available athttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-024.asp