VulniosVulnios
All Threat Alerts
highCVE Alert
CVE-2002-0367

High Vulnerability: CVE-2002-0367 ā€” microsoft ā€” windows_2000, windows_nt

CISA Known Exploited Vulnerability ā€” Immediate Action Required

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Thursday, April 16, 2026microsoftVulnios Threat Intelligence
Share:

Executive Summary

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Why It Matters

CVE-2002-0367 is rated HIGH severity, requiring immediate attention from security teams.

āš ļø This vulnerability is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating it has been actively exploited in the wild. Federal agencies must remediate by the deadline.

CVSS Base Score: 7.8/10

Affected Technologies

Vendors: microsoft

Products: windows_2000, windows_nt

šŸ›”ļøWhat Defenders Should Check

  • Check if you are affected ā€” Review your asset inventory for products listed in CVE-2002-0367.
  • Apply available patches ā€” Visit vendor advisories for the latest security updates.
  • Monitor for exploitation ā€” Check your SIEM/IDS logs for related indicators.
  • Prioritize remediation ā€” This is a CISA KEV entry. Federal agencies: remediate by the mandated deadline.
  • CISA Deadline: 2022-03-24

    • Use Vulnios to continuously monitor your exposure to CVE-2002-0367 and similar vulnerabilities.

    References & Sources

  • http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
  • http://www.iss.net/security_center/static/8462.php
  • http://www.securityfocus.com/archive/1/262074
  • http://www.securityfocus.com/archive/1/264441
  • http://www.securityfocus.com/archive/1/264927
  • http://www.securityfocus.com/bid/4287
  • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
  • http://marc.info/?l=ntbugtraq&m=101614320402695&w=2

    • AI Security Advisor

    Powered by Gemini

    Get AI-powered security recommendations tailored to this specific threat ā€” including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

    Affected Products

    windows_2000windows_nt

    Sources

    actively_exploitedhigh

    Protect Your Organization

    Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts ā€” all in one platform.

    Get Started FreeFree Security ScanOSINT Dashboard

    Get instant alerts on Telegram

    Join our public channel for real-time critical CVE alerts.

    Follow @vulnios