CVE-2000-0070: NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileg

High
Vulnerability: CVE-2000-0070
Published: Wed Jan 12 2000 (01/12/2000, 05:00:00 UTC)
Source: NVD
Vendor/Project: microsoft
Product: windows_nt

Description

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

AI-Powered Analysis

Last updated: 06/25/2025, 14:15:42 UTC

Technical Analysis

CVE-2000-0070 is a local privilege escalation vulnerability affecting Microsoft Windows NT 4.0. The vulnerability arises in NtImpersonateClientOfPort, a call in the local procedure call (LPC) facility that Windows NT uses for inter-process communication. Specifically, the flaw allows a local user to spoof an LPC port request and thereby impersonate a client process. This impersonation can be exploited to escalate privileges from a lower-privileged user account to SYSTEM-level privileges. The vulnerability does not require prior authentication but does require local access to the system. The attack vector involves sending a specially crafted LPC request that the system incorrectly validates, leading to the elevation of privileges.

The CVSS v2 base score is 7.2, indicating a high severity level, with the vector string AV:L/AC:L/Au:N/C:C/I:C/A:C, meaning the attack requires local access, low complexity, no authentication, and results in complete compromise of confidentiality, integrity, and availability.

Although this vulnerability is over two decades old and specifically affects Windows NT 4.0, which is now obsolete and unsupported, it remains a critical issue for legacy systems still in operation. Microsoft released a patch (MS00-003) to address this vulnerability, which should be applied to affected systems to mitigate the risk. There are no known exploits in the wild currently documented, but the potential impact remains significant due to the nature of the privilege escalation.

Potential Impact

For European organizations, the impact of this vulnerability primarily concerns legacy systems still running Windows NT 4.0, which may be found in industrial control systems, legacy financial systems, or specialized environments where upgrading is challenging. Exploitation could allow an attacker with local access—such as an insider threat or someone who has gained physical or remote access through other means—to escalate privileges to SYSTEM level, enabling full control over the affected machine. This could lead to unauthorized access to sensitive data, disruption of critical services, and the potential for lateral movement within the network. Given the complete compromise of confidentiality, integrity, and availability, the vulnerability could facilitate data breaches, sabotage, or persistent footholds in critical infrastructure. However, the impact is mitigated by the requirement for local access and the obsolescence of the affected OS. Nonetheless, organizations relying on legacy Windows NT 4.0 systems in sectors such as manufacturing, utilities, or government may face significant operational risks if unpatched.

Mitigation Recommendations

1. Immediate application of the official Microsoft patch MS00-003 on all Windows NT 4.0 systems to remediate the vulnerability.
2. Where possible, phase out Windows NT 4.0 systems and migrate to supported operating systems to eliminate exposure to this and other legacy vulnerabilities.
3. Implement strict access controls to limit local access to systems running Windows NT 4.0, including physical security measures and network segmentation to restrict remote access.
4. Employ host-based intrusion detection systems (HIDS) and monitoring to detect unusual privilege escalation attempts or suspicious LPC activity.
5. Conduct regular audits of legacy systems to identify and document any instances of Windows NT 4.0 in use, ensuring they are either patched or isolated.
6. Educate system administrators and security personnel about the risks associated with legacy systems and the importance of applying patches and limiting access.
7. Consider deploying application whitelisting and least privilege policies to reduce the attack surface on legacy systems.

Threat ID: 682ca32db6fd31d6ed7df73e

Added to database: 5/20/2025, 3:43:41 PM

Last enriched: 6/25/2025, 2:15:42 PM

Last updated: 8/12/2025, 4:08:29 AM
