Windows 2000 systems that allow users to interactively log on, such as workstations and terminal servers, are susceptible to a critical vulnerability in the Network Connection Manager. Via a complex exploit scenario, an attacker could use the NCM to execute arbitrary code with full system privileges. Bulletin MS02-042 further explains the security hole, and a patch is available for Win2k systems with Service Pack 2 or 3 installed.

(N-Stalker Security Force)