NtSetInformationObject() Does Not Check Object Handle in C2 Security Services

ID: Q241414

The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows NT Server, Enterprise Edition version 4.0

SYMPTOMS

When you are processing a program with Microsoft C2 Security Services (C2SS) on a computer running Windows NT 4.0, the NtSetInformationObject function does not check to verify that a caller remains with the original handle and does not change from a user-mode handle to a kernel-mode handle. Because of the upcoming access-mode changes to object handles, it is important that NtSetInformationObject perform this check for object handle protection.


RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0. For additional information, please see the following article in the Microsoft Knowledge Base:

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article. This problem was first corrected in Windows NT 4.0 Service Pack 6.


MORE INFORMATION

After you install Windows NT 4.0 Service Pack 6 (SP6), the NtSetInformationObject function maintains this checking process by passing PreviousMode to the ObpSetHandleAttributes function and using a KERNEL OBJECT flag in the object.

For an executive overview of security services and more information on C2 evaluations, please visit the following Microsoft Web site:

http://www.microsoft.com/NTServer/security/exec/

Additional query words: management

Keywords : ntsecurity ntsp kbbug4.00 kbfix4.00 NT4SP6Fix
Version : winnt:4.0
Platform : winnt
Issue type : kbbug


Last Reviewed: October 28, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.